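Actually, the approach of this nikto module is the same as the one I wrote earlier; this code is just written a bit more neatly. Frustrating.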
http://code.google.com/p/msf-hack/
# arp_sweep discovery module for local networks
# wmap_nikto integration between wmap and nikto
This module integrates wmap with nikto.
install
# cp wmap_nikto.rb ./modules/auxiliary/scanner/http/
edit nikto.conf:
EXECDIR=<full path of your nikto installation>
usage
=[ msf v3.3-dev
+ -- --=[ 391 exploits - 264 payloads
+ -- --=[ 20 encoders - 7 nops
=[ 178 aux
msf auxiliary(arp_sweep) > load db_wmap
[*] =[ WMAP v0.3 - ET LoWNOISE
[*] Successfully loaded plugin: db_wmap
msf auxiliary(arp_sweep) > db_connect /home/belch/pt/test/wmap.db
[*] Successfully connected to the database
[*] File: /home/belch/pt/test/wmap.db
msf auxiliary(arp_sweep) > wmap_targets -r
[*] Added. 87.230.87.158 80 0
[*] Added. 87.230.87.158 80 0
msf auxiliary(arp_sweep) > wmap_targets -s 1
msf auxiliary(arp_sweep) > wmap_website
[*] Website structure
[*] 87.230.87.158:80 SSL:0
ROOT_TREE
+------CVS
+------logout.php
+------cart.php
+------login.php
+------cgi-bin
+------artists.php
+------Templates
+------listproducts.php
+------icons
+------admin
+------guestbook.php
| AJAX
| +------styles.css
| +------index.php
| secured
| +------style.css
| +------newuser.php
+------signup.php
| images
| +------remark.gif
| +------logo.gif
+------product.php
+------privacy.php
+------disclaimer.php
+------userinfo.php
+------favicon.ico
| Flash
| +------add.swf
+------manual
+------index.php
+------categories.php
+------style.css
+------error
+------showimage.php
[*] Done.
msf auxiliary(arp_sweep) > setg NIKTO_PATH /opt/pt/web/nikto-2.03/nikto.pl
NIKTO_PATH => /opt/pt/web/nikto-2.03/nikto.pl
msf auxiliary(arp_sweep) > setg NIKTO_OPTS -o /tmp/nikto-msf.txt
NIKTO_OPTS => -o /tmp/nikto-msf.txt
msf auxiliary(arp_sweep) > wmap_run -e /opt/pt/framework/framework-trunk/data/wmap/wmap_nikto_profile.txt
[*] Using profile /opt/pt/framework/framework-trunk/data/wmap/wmap_nikto_profile.txt.
[*] Launching auxiliary/scanner/http/wmap_nikto WMAP_DIR / against 87.230.87.158:80...
....
to grab results:
# cat /tmp/nikto-msf.txt
Arp Sweeper
Introduction
This module allows discovery of hosts on a local network by sending an ARP request to each of them.
install
# cp arp_sweeper.rb ./modules/auxiliary/scanner/discovery/
usage
belch@graal:/opt/pt/framework/framework-trunk# ./msfconsole -r ./arp_sweep
=[ msf v3.3-dev
+ -- --=[ 390 exploits - 232 payloads
+ -- --=[ 20 encoders - 7 nops
=[ 169 aux
resource> use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > info
Name: Local Network Discovery
Version: $Revision:$
License: Metasploit Framework License (BSD)
Provided by:
unknown <belch>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
SHOST yes Source IP Address
SMAC yes Source MAC Address
THREADS 1 yes The number of concurrent threads
Description:
Enumerate alive Hosts in local network using ARP raw packets
msf auxiliary(arp_sweep) > setg RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(arp_sweep) > setg SHOST 192.168.1.12
SHOST => 192.168.1.12
msf auxiliary(arp_sweep) > setg SMAC 00:22:15:eb:19:4f
SMAC => 00:22:15:eb:19:4f
msf auxiliary(arp_sweep) > run
[*] 192.168.1.1 is at 00:00:0c:07:ac:24
[*] 192.168.1.2 is at 00:1f:ca:b1:07:bf
[*] 192.168.1.3 is at 00:1f:ca:b0:e1:3f
[*] 192.168.1.21 is at 08:00:37:18:eb:ef
[*] 192.168.1.22 is at 08:00:37:37:75:d7
[*] 192.168.1.23 is at 00:14:38:d5:7c:9d
[*] 192.168.1.24 is at 00:15:99:29:30:6a
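Seen from the monitoring side, a sweep like the one above is one source MAC asking who-has for many different addresses within a few seconds. The following is an added example, not part of the msf-hack project: it flags that pattern in `tcpdump -e -n arp` style text. The sample lines are constructed, and the names `detect_sweeps`, `parse_request`, the 5 second window and the threshold of 20 are assumptions.

```ruby
# Added example: flag ARP sweeps in tcpdump-style text (sample lines are constructed).
REQ = /\A(\d\d):(\d\d):(\d\d\.\d+) (\h\h(?::\h\h){5}) > \S+ ethertype ARP .*Request who-has (\d+(?:\.\d+){3}) tell/

# Constructed capture: one host (the SMAC/SHOST used on this page) asks for
# 192.168.1.1-30 within 3 seconds; a second host makes two ordinary lookups.
SAMPLE = (1..30).map { |i|
  format('12:00:%02d.%06d 00:22:15:eb:19:4f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), ' \
         'length 42: Request who-has 192.168.1.%d tell 192.168.1.12, length 28',
         i / 10, (i % 10) * 100_000, i)
} + [
  '12:00:01.500000 08:00:37:18:eb:ef > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), ' \
  'length 42: Request who-has 192.168.1.1 tell 192.168.1.21, length 28',
  '12:00:02.500000 08:00:37:18:eb:ef > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), ' \
  'length 42: Request who-has 192.168.1.2 tell 192.168.1.21, length 28'
]

# Turn one capture line into {t:, mac:, target:}; non-request lines give nil.
def parse_request(line)
  m = REQ.match(line)
  return nil unless m
  { t: m[1].to_i * 3600 + m[2].to_i * 60 + m[3].to_f, mac: m[4].downcase, target: m[5] }
end

# Returns { source_mac => peak count of distinct targets inside any window }.
# Keyed on the Ethernet source MAC: one run of the module uses a single SMAC,
# while the "tell" address (SHOST) is operator-supplied and not trusted here.
def detect_sweeps(lines, window: 5.0, threshold: 20)
  events = lines.map { |l| parse_request(l) }.compact
  events.group_by { |e| e[:mac] }.each_with_object({}) do |(mac, evs), hits|
    evs = evs.sort_by { |e| e[:t] }
    start = 0
    peak = 0
    evs.each_with_index do |e, i|
      # Slide the window start forward until it spans at most `window` seconds.
      start += 1 while e[:t] - evs[start][:t] > window
      distinct = evs[start..i].map { |x| x[:target] }.uniq.size
      peak = distinct if distinct > peak
    end
    hits[mac] = peak if peak >= threshold
  end
end

detect_sweeps(SAMPLE).each { |mac, n| puts "possible ARP sweep: #{mac} asked for #{n} hosts" }
```

Counting distinct targets rather than raw requests keeps a host that repeatedly re-resolves its gateway from being flagged.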