售 价:¥
6.2
温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印
为你推荐
Nmap 6: Network Exploration and Security Auditing Cookbook
Table of Contents
Nmap 6: Network Exploration and Security Auditing Cookbook
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Nmap Fundamentals
Introduction
Downloading Nmap from the official source code repository
Getting ready
How to do it...
How it works...
There's more...
Experimenting with development branches
Keeping your source code up-to-date
See also
Compiling Nmap from source code
Getting ready
How to do it...
How it works...
There's more...
OpenSSL development libraries
Configure directives
Precompiled packages
See also
Listing open ports on a remote host
How to do it...
How it works...
There's more...
Privileged versus unprivileged
Port states
Port scanning techniques supported by Nmap
See also
Fingerprinting services of a remote host
How to do it...
How it works...
There's more...
Aggressive detection
Submitting service fingerprints
See also
Finding live hosts in your network
How to do it...
How it works...
There's more...
Traceroute
NSE scripts
See also
Scanning using specific port ranges
How to do it...
How it works...
There's more...
See also
Running NSE scripts
How to do it...
How it works...
There's more...
NSE script arguments
Adding new scripts
NSE script categories
See also
Scanning using a specified network interface
How to do it...
How it works...
There's more...
Checking a TCP connection
See also
Comparing scan results with Ndiff
Getting ready
How to do it...
How it works...
There's more...
Output format
Verbose mode
See also
Managing multiple scanning profiles with Zenmap
How to do it...
How it works...
There's more...
Editing and deleting a scan profile
See also
Detecting NAT with Nping
How to do it...
How it works...
There's more...
Nping Echo Protocol
See also
Monitoring servers remotely with Nmap and Ndiff
How to do it...
How it works...
There's more...
Monitoring specific services
See also
2. Network Exploration
Introduction
Discovering hosts with TCP SYN ping scans
How to do it...
How it works...
There's more...
Privileged versus unprivileged TCP SYN ping scan
Firewalls and traffic filters
See also
Discovering hosts with TCP ACK ping scans
How to do it...
How it works...
There's more...
Privileged versus unprivileged TCP ACK ping scan
Selecting ports in TCP ACK ping scans
See also
Discovering hosts with UDP ping scans
How to do it...
How it works...
There's more...
Selecting ports in UDP ping scans
See also
Discovering hosts with ICMP ping scans
How to do it...
How it works...
There's more...
ICMP types
See also
Discovering hosts with IP protocol ping scans
How to do it...
How it works...
There's more...
Supported IP protocols and their payloads
See also
Discovering hosts with ARP ping scans
How to do it...
How it works...
There's more...
MAC address spoofing
See also
Discovering hosts using broadcast pings
How to do it...
How it works...
There's more...
Target library
See also
Hiding our traffic with additional random data
How to do it...
How it works...
There's more...
See also
Forcing DNS resolution
How to do it...
How it works...
There's more...
Specifying different DNS nameservers
See also
Excluding hosts from your scans
How to do it...
How it works...
There's more...
Excluding a host list from your scans
See also
Scanning IPv6 addresses
How to do it...
How it works...
There's more...
OS detection in IPv6 scanning
See also
Gathering network information with broadcast scripts
How to do it...
How it works...
There's more...
Target library
See also
3. Gathering Additional Host Information
Introduction
Geolocating an IP address
Getting ready
How to do it...
How it works...
There's more...
Submitting a new geo-location provider
See also
Getting information from WHOIS records
How to do it...
How it works...
There's more...
Disabling cache and the implications of this
See also
Checking if a host is known for malicious activities
Getting ready
How to do it...
How it works...
There's more...
See also
Collecting valid e-mail accounts
Getting ready
How to do it...
How it works...
There's more...
NSE script arguments
HTTP User Agent
See also
Discovering hostnames pointing to the same IP address
Getting ready
How to do it...
How it works...
There's more...
See also
Brute forcing DNS records
How to do it...
How it works...
There's more...
Target library
See also
Fingerprinting the operating system of a host
How to do it...
How it works...
There's more...
OS detection in verbose mode
Submitting new OS fingerprints
See also
Discovering UDP services
How to do it...
How it works...
There's more...
Port selection
See also
Listing protocols supported by a remote host
How to do it...
How it works...
There's more...
Customizing the IP protocol scan
See also
Discovering stateful firewalls by using a TCP ACK scan
How to do it...
How it works...
There's more...
Port states
See also
Matching services with known security vulnerabilities
Getting ready
How to do it...
How it works...
There's more...
See also
Spoofing the origin IP of a port scan
Getting ready
How to do it...
How it works...
There's more...
The IP ID sequence number
See also
4. Auditing Web Servers
Introduction
Listing supported HTTP methods
How to do it...
How it works...
There's more...
Interesting HTTP methods
HTTP User Agent
HTTP pipelining
See also
Checking if an HTTP proxy is open
How to do it...
How it works...
There's more...
HTTP User Agent
See also
Discovering interesting files and directories on various web servers
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
See also
Brute forcing HTTP authentication
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
Brute modes
See also
Abusing mod_userdir to enumerate user accounts
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
See also
Testing default credentials in web applications
How to do it...
How it works...
There's more...
HTTP User Agent
See also
Brute-force password auditing WordPress installations
How to do it...
How it works...
There's more...
HTTP User Agent
Brute modes
See also
Brute-force password auditing Joomla! installations
How to do it...
How it works...
There's more...
HTTP User Agent
Brute modes
See also
Detecting web application firewalls
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
See also
Detecting possible XST vulnerabilities
How to do it...
How it works...
There's more...
HTTP User Agent
See also
Detecting Cross Site Scripting vulnerabilities in web applications
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
See also
Finding SQL injection vulnerabilities in web applications
How to do it...
How it works...
There's more...
HTTP User Agent
HTTP pipelining
See also
Detecting web servers vulnerable to slowloris denial of service attacks
How to do it...
How it works...
There's more...
HTTP User Agent
See also
5. Auditing Databases
Introduction
Listing MySQL databases
How to do it...
How it works...
There's more...
See also
Listing MySQL users
How to do it...
How it works...
There's more...
See also
Listing MySQL variables
How to do it...
How it works...
There's more...
See also
Finding root accounts with empty passwords in MySQL servers
How to do it...
How it works...
There's more...
See also
Brute forcing MySQL passwords
How to do it...
How it works...
There's more...
Brute modes
See also
Detecting insecure configurations in MySQL servers
How to do it...
How it works...
There's more...
See also
Brute forcing Oracle passwords
How to do it...
How it works...
There's more...
Brute modes
See also
Brute forcing Oracle SID names
How to do it...
How it works...
There's more...
See also
Retrieving MS SQL server information
How to do it...
How it works...
There's more...
Force scanned ports only in NSE scripts for MS SQL
See also
Brute forcing MS SQL passwords
How to do it...
How it works...
There's more...
Brute modes
See also
Dumping the password hashes of an MS SQL server
How to do it...
How it works...
There's more...
See also
Running commands through the command shell on MS SQL servers
How to do it...
How it works...
There's more...
See also
Finding sysadmin accounts with empty passwords on MS SQL servers
How to do it...
How it works...
There's more...
Force scanned ports only in NSE scripts for MS SQL
See also
Listing MongoDB databases
How to do it...
How it works...
There's more...
See also
Retrieving MongoDB server information
How to do it...
How it works...
There's more...
See also
Listing CouchDB databases
How to do it...
How it works...
There's more...
See also
Retrieving CouchDB database statistics
How to do it...
How it works...
There's more...
See also
6. Auditing Mail Servers
Introduction
Discovering valid e-mail accounts using Google Search
Getting ready
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Detecting open relays
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Brute forcing SMTP passwords
How to do it...
How it works...
There's more...
Brute modes
Debugging NSE scripts
See also
Enumerating users in an SMTP server
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Detecting backdoor SMTP servers
How to do it...
How it works...
There's more...
See also
Brute forcing IMAP passwords
How to do it...
How it works...
There's more...
Brute modes
Debugging NSE scripts
See also
Retrieving the capabilities of an IMAP mail server
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Brute forcing POP3 passwords
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Retrieving the capabilities of a POP3 mail server
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
Detecting vulnerable Exim SMTP servers version 4.70 through 4.75
How to do it...
How it works...
There's more...
Debugging NSE scripts
See also
7. Scanning Large Networks
Introduction
Scanning an IP address range
How to do it...
How it works...
There's more...
CIDR notation
Privileged versus unprivileged
Port states
Port scanning techniques
See also
Reading targets from a text file
How to do it...
How it works...
There's more...
CIDR notation
Excluding a host list from your scans
See also
Scanning random targets
How to do it...
How it works...
There's more...
Legal issues with port scanning
Target library
See also
Skipping tests to speed up long scans
How to do it...
How it works...
There's more...
Scanning phases of Nmap
Debugging Nmap scans
Aggressive detection
See also
Selecting the correct timing template
How to do it...
How it works...
There's more...
See also
Adjusting timing parameters
How to do it...
How it works...
There's more...
Scanning phases of Nmap
Debugging Nmap scans
See also
Adjusting performance parameters
How to do it...
How it works...
There's more...
Scanning phases of Nmap
Debugging Nmap scans
See also
Collecting signatures of web servers
How to do it...
How it works...
There's more...
HTTP User Agent
See also
Distributing a scan among several clients using Dnmap
Getting ready
How to do it...
How it works...
There's more...
Dnmap statistics
See also
8. Generating Scan Reports
Introduction
Saving scan results in normal format
How to do it...
How it works...
There's more...
Saving Nmap's output in all formats
Including debugging information in output logs
Including the reason for a port or host state
Appending Nmap output logs
OS detection in verbose mode
See also
Saving scan results in an XML format
How to do it...
How it works...
There's more...
Saving Nmap's output in all formats
Appending Nmap output logs
Structured script output for NSE
See also
Saving scan results to a SQLite database
Getting Ready
How to do it...
How it works...
There's more...
Dumping the database in CSV format
Fixing outputpbnj
See also
Saving scan results in a grepable format
How to do it...
How it works...
There's more...
Saving Nmap's output in all formats
Appending Nmap output logs
See also
Generating a network topology graph with Zenmap
How to do it...
How it works...
There's more...
See also
Generating an HTML scan report
Getting Ready...
How to do it...
How it works...
There's more...
See also
Reporting vulnerability checks performed during a scan
How to do it...
How it works...
There's more...
See also
9. Writing Your Own NSE Scripts
Introduction
Making HTTP requests to identify vulnerable Trendnet webcams
How to do it...
How it works...
There's more...
Debugging Nmap scripts
Setting the user agent pragmatically
HTTP pipelining
See also
Sending UDP payloads by using NSE sockets
How to do it...
How it works...
There's more...
Exception handling
Debugging Nmap scripts
See also
Exploiting a path traversal vulnerability with NSE
How to do it...
How it works...
There's more...
Debugging NSE scripts
Setting the user agent pragmatically
HTTP pipelining
See also
Writing a brute force script
How to do it...
How it works...
There's more...
Debugging NSE scripts
Exception handling
Brute modes
See also
Working with the web crawling library
How to do it...
How it works...
There's more...
Debugging NSE scripts
Setting the user agent pragmatically
HTTP pipelining
Exception handling
See also
Reporting vulnerabilities correctly in NSE scripts
How to do it...
How it works...
There's more...
Vulnerability states of the library vulns
See also
Writing your own NSE library
How to do it...
How it works...
There's more...
Debugging NSE scripts
Exception handling
Importing modules in C
See also
Working with NSE threads, condition variables, and mutexes in NSE
How to do it...
How it works...
There's more...
Debugging NSE scripts
Exception handling
See also
A. References
Index
买过这本书的人还买过
读了这本书的人还在读
同类图书排行榜
购物车
个人中心
