How to Use Nmap Script Engine (NSE) Scripts in Linux


scan open ports and the services running on those hosts, and much more.

One of the interesting features of Nmap is the Nmap Script Engine (NSE), which brings even more flexibility and efficiency to it. It lets you write your own scripts in the Lua programming language, and share those scripts with other Nmap users.

There are four types of NSE scripts, namely:

  • Prerule scripts – scripts that run before any of Nmap's scan operations; they are executed when Nmap has not yet gathered any information about a target.
  • Host scripts – scripts executed after Nmap has performed its normal operations such as host discovery, port scanning, version detection, and OS detection against a target host.
  • Service scripts – scripts run against specific services listening on a target host.
  • Postrule scripts – scripts run after Nmap has scanned all of its target hosts.

These scripts are then grouped under various categories, including authentication (auth), discovery of hosts (broadcast), brute-force attacks to guess authentication credentials (brute), discovering more about a network (discovery), causing a denial of service (dos), exploiting some vulnerability (exploit), and so on. A number of scripts belong to the default category.

Note: Before we move any further, you should take note of these key points:

  • Do not execute scripts from third parties without critically reading through them, or unless you trust the authors. These scripts do not run in a sandbox, so they could unexpectedly or maliciously damage your system or invade your privacy.
  • Secondly, many of these scripts may run as either a prerule or a postrule script. Considering this, it is recommended to use a prerule for purposes of consistency.
  • Nmap uses the scripts/script.db database to figure out the available default scripts and categories.
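
One way to triage a third-party script before running it, given that NSE scripts are not sandboxed. This is an added example, not part of the original article or of Nmap; the sample script and the nse_review function name are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a third-party NSE script before running it.

# Constructed sample input (not a real NSE script).
nse_sample_script() {
cat <<'EOF'
local shortport = require "shortport"
local stdnse = require "stdnse"
categories = {"discovery", "safe"}
portrule = shortport.http
action = function(host, port)
  local f = io.popen("id")           -- runs a command on the scanning host
  os.execute("touch /tmp/marker")
  -- os.remove("/tmp/x") inside a comment is ignored
  return stdnse.format_output(true, "ok")
end
EOF
}

# Print "line:call" for every Lua call that reaches the local system
# (process execution, file access, dynamic code loading). A hit is a prompt
# to read that line, not proof of malice: many stock scripts use io.open.
# Limitation: "--" inside a string literal is treated as a comment start.
nse_review() {
    awk '
    {
        code = $0
        sub(/--.*/, "", code)                 # drop Lua line comments
        re = "(os\\.(execute|remove|rename|getenv)|io\\.(popen|open)|loadstring|loadfile|dofile)[ \t]*\\("
        while (match(code, re)) {
            call = substr(code, RSTART, RLENGTH)
            sub(/[ \t]*\($/, "", call)
            print NR ":" call
            code = substr(code, RSTART + RLENGTH)
        }
    }' "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp) && nse_sample_script > "$tmp"
nse_review "$tmp"
rm -f "$tmp"
```

Note that the sample declares itself "safe" in its categories line while still calling io.popen and os.execute: the category is the author's claim, not something Nmap enforces.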

To see the location of all available NSE scripts, run the locate utility on the terminal, like this:

$ locate "*.nse"

/usr/share/nmap/scripts/acarsd-info.nse
/usr/share/nmap/scripts/address-info.nse
/usr/share/nmap/scripts/afp-brute.nse
/usr/share/nmap/scripts/afp-ls.nse
/usr/share/nmap/scripts/afp-path-vuln.nse
/usr/share/nmap/scripts/afp-serverinfo.nse
/usr/share/nmap/scripts/afp-showmount.nse
/usr/share/nmap/scripts/ajp-auth.nse
/usr/share/nmap/scripts/ajp-brute.nse
/usr/share/nmap/scripts/ajp-headers.nse
/usr/share/nmap/scripts/ajp-methods.nse
/usr/share/nmap/scripts/ajp-request.nse
/usr/share/nmap/scripts/allseeingeye-info.nse
/usr/share/nmap/scripts/amqp-info.nse
/usr/share/nmap/scripts/asn-query.nse
...

NSE scripts are loaded using the --script flag, which also lets you run your own scripts by providing categories, script file names, or the names of directories where your scripts are located.

The syntax for enabling scripts is as follows:

$ nmap -sC target     #load default scripts
OR
$ nmap --script filename|category|directory|expression,...   target    

You can view a description of a script with the --script-help option. Additionally, you can pass arguments to some scripts via the --script-args and --script-args-file options; the latter is used to provide a filename rather than a command-line argument.

To perform a scan with most of the default scripts, use the -sC flag or alternatively use --script=default as shown.

$ nmap -sC scanme.nmap.org
OR
$ nmap --script=default scanme.nmap.org
OR
$ nmap --script default scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:36 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.0027s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
|_http-title: Go ahead and ScanMe!

Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds

To use a script for the appropriate purpose, you can first get a brief description of what it actually does, for instance, http-headers.

$ nmap --script-help http-headers scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:37 IST

http-headers
Categories: discovery safe
https://nmap.org/nsedoc/scripts/http-headers.html
  Performs a HEAD request for the root folder ("/") of a web server and displays the HTTP headers returned.

Loading NSE Scripts To Perform Nmap Scans

You can select or load scripts to perform a scan in the different ways explained below.

Once you know what a script does, you can perform a scan using it. You can use one script or enter a comma-separated list of script names. The command below lets you view the HTTP headers configured on the web server at the target host.

$ nmap --script http-headers scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:39 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.27s latency).
Not shown: 996 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
| http-headers: 
|   Date: Wed, 15 Nov 2017 05:10:04 GMT
|   Server: Apache/2.4.7 (Ubuntu)
|   Accept-Ranges: bytes
|   Vary: Accept-Encoding
|   Connection: close
|   Content-Type: text/html
|   
|_  (Request type: HEAD)
179/tcp   filtered bgp
31337/tcp open     Elite

Nmap done: 1 IP address (1 host up) scanned in 20.96 seconds

You can also load scripts from one category or from a comma-separated list of categories. In this example, we are using all scripts in the default and broadcast categories to carry out a scan on the host 192.168.56.1.

$ nmap --script default,broadcast 192.168.56.1

The * wildcard is useful when you want to select scripts by a name pattern. For example, to load all scripts with names starting with ssh, run the command below on the terminal:

$ nmap --script "ssh-*" 192.168.56.1

You can also select scripts using boolean expressions, which you can build using the and, or, and not operators. Names in a boolean expression may be a category, a filename from script.db, or all.

The following command will load scripts from the default or broadcast categories.

$ nmap --script "default or broadcast" 192.168.56.10

Which is equivalent to:

$ nmap --script default,broadcast 192.168.56.10

To load all scripts except those in the vuln category, run this command on the terminal.

$ nmap --script "not vuln" 192.168.56.10

The next command looks a little complicated but is easy to understand: it selects scripts in the default or broadcast categories, leaving out those with names starting with ssh-:

$ nmap --script "(default or broadcast) and not ssh-*" 192.168.56.10

Importantly, it is possible to combine categories, script names, a directory containing your custom scripts, or a boolean expression to load scripts, like this:

$ nmap --script broadcast,vuln,ssh-auth-methods,/path/to/custom/scripts 192.168.56.10
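
To preview which scripts a category list such as default,broadcast will load, and which of them also carry a riskier category, you can read script.db directly. This is an added example, not part of the original article; the sample entries, the function names and the list of categories treated as risky are assumptions.

```shell
#!/bin/sh
# Added example: preview what a category selection loads, using script.db.

# Constructed sample in the script.db entry format (not from a real install).
nse_sample_db() {
cat <<'EOF'
Entry { filename = "afp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
EOF
}

# Print "filename<TAB>cat1,cat2,..." for each entry of a script.db file.
nse_db_entries() {
    awk -F'"' '/^Entry/ {
        cats = ""
        for (i = 4; i <= NF; i += 2) cats = cats (cats == "" ? "" : ",") $i
        print $2 "\t" cats
    }' "$1"
}

# Entries in at least one category of a comma-separated list: the OR
# semantics of `--script default,broadcast`.
nse_select() {
    nse_db_entries "$1" | awk -F'\t' -v want="$2" '
        BEGIN { n = split(want, w, ",") }
        {
            m = split($2, have, ",")
            for (i = 1; i <= n; i++)
                for (j = 1; j <= m; j++)
                    if (w[i] == have[j]) { print; next }
        }'
}

# From that selection, keep scripts that also sit in a category worth a second
# look before scanning (this list is an assumption; set it to your policy).
nse_preflight() {
    nse_select "$1" "$2" |
        awk -F'\t' '$2 ~ /(^|,)(intrusive|dos|exploit|brute)(,|$)/'
}

# Demo on the sample; on a real system pass the script.db of your install.
db=$(mktemp) && nse_sample_db > "$db"
nse_preflight "$db" "default,broadcast"
rm -f "$db"
```

On a real system, point the functions at the script.db that sits next to the scripts listed earlier, for example /usr/share/nmap/scripts/script.db.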

Below is an example showing how to pass arguments to scripts with the --script-args option:

$ nmap --script mysql-audit --script-args "mysql-audit.username='root', \
mysql-audit.password='password_here', mysql-audit.filename='nselib/data/mysql-cis.audit'" 192.168.56.10

To pass a port number, use the -p nmap option:

$ nmap -p 3306 --script mysql-audit --script-args "mysql-audit.username='root', \
mysql-audit.password='password_here', mysql-audit.filename='nselib/data/mysql-cis.audit'" 192.168.56.10

The above command runs an audit of the MySQL database server security configuration against parts of the CIS MySQL v1.0.2 benchmark. You can also create your own custom audit files for other MySQL audits.

That's it for now. You can find more information on the Nmap man page or check out NSE Usage.

To get started with writing your own NSE scripts, check out this guide: https://nmap.org/book/nse-tutorial.html

Nmap is a really powerful and useful tool that every system or network administrator needs in their security arsenal - NSE simply adds more efficiency to it.

In this article, we introduced you to the Nmap Script Engine and looked at how to find and use the various available scripts under different categories. If you have any questions, do not hesitate to write to us via the comments below.