
Wednesday, 05 December 2007

Scripts for Windows

Unixscan

(My apologies up front to those Unix purists for putting the Unix Perl scripts in a ZIP)
This Perl script calls numerous integrated and public domain tools to port scan and otherwise enumerate all systems on the network. The script offers a number of options, including ping scanning before port scanning to generate an array of hosts. To avoid the radar of intrusion detection products, a randomize function allows you to scan your hosts with little chance of being detected. Using strobe, the script will detect open ports and grab the banners available for each service. If DNS is open, it will attempt to determine the version of BIND with the chaos directive. Also, if DNS is running, it will attempt a zone transfer to pull back all DNS-registered hosts. If NFS is open, the script will enumerate shares with showmount. If RPC is open, the script will attempt to enumerate listening ports with rpcinfo. If SNMP is open, the script will attempt to enumerate SNMP information by using configurable community strings. Using icmpquery, the script will attempt to determine the particular subnet mask being used by an interface. If finger is running, the script will try numerous techniques for enumerating users on the system. The output is organized by running service and host. While not yet HTMLized, the script provides a great head start for enumerating vulnerable systems on your network.

NTscan
This Perl script calls numerous integrated, public domain, and commercially available enumeration tools to port scan and otherwise enumerate all NT systems on your network. The script offers a number of options, including ping scans, port scans, and NT enumeration. Like Unixscan, NTscan offers the ability to skip the ping scan before enumerating, and can randomize the order of hosts to elude network-based intrusion detection products. Using netcat to port scan a host, the script determines whether the target is running NT. If it is not, but port 139 is open (signifying Samba or Win9x), it will attempt to enumerate shares with the net view command and stop scanning. On the other hand, if NT is running, it will use many of the techniques discussed in this book to begin complete user, group, share, and registry enumeration of the target. If SNMP is running, it will attempt to pull back information using easy-to-guess (and configurable) community names such as "public" and "private". If port 135 is open (NT's RPC port), the script will attempt to enumerate the RPC endpoints of the system, often providing the internal IP address of a dual-homed system. The script is smart enough to detect the RestrictAnonymous registry key and use user2sid/sid2user to enumerate all users. The script produces a nice HTMLized series of files that you can use to enumerate your vulnerable NT systems.
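Randomizing the host order, as Unixscan and NTscan do, changes the sequence of probes but not the fact that one source contacts many distinct hosts. The following added example (not part of the original scripts; the log format, addresses and thresholds are constructed assumptions) counts distinct destination host/port pairs per source in a sliding time window, so a sweep is flagged whatever order the hosts were probed in.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: 10.0.0.5 probes six hosts in shuffled order,
# 10.0.0.9 is an ordinary client talking to two servers.
SAMPLE_LOG = """\
2007-12-05T10:00:01 SRC=10.0.0.5 DST=10.0.1.44 DPT=139
2007-12-05T10:00:03 SRC=10.0.0.9 DST=10.0.1.10 DPT=80
2007-12-05T10:00:04 SRC=10.0.0.5 DST=10.0.1.7 DPT=139
2007-12-05T10:00:09 SRC=10.0.0.5 DST=10.0.1.201 DPT=139
2007-12-05T10:00:12 SRC=10.0.0.9 DST=10.0.1.10 DPT=80
2007-12-05T10:00:15 SRC=10.0.0.5 DST=10.0.1.93 DPT=139
2007-12-05T10:00:21 SRC=10.0.0.5 DST=10.0.1.18 DPT=135
2007-12-05T10:00:26 SRC=10.0.0.5 DST=10.0.1.150 DPT=139
2007-12-05T10:00:30 SRC=10.0.0.9 DST=10.0.1.11 DPT=443
"""

# Assumed (hypothetical) firewall log layout: timestamp SRC= DST= DPT=
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def find_sweeps(lines, window_s=60, min_targets=5):
    """Map each source that reached min_targets distinct (host, port)
    targets within window_s seconds to the largest count observed."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that are not in the assumed format
            ts, src, dst, port = m.groups()
            events.append((datetime.fromisoformat(ts), src, (dst, int(port))))
    events.sort()  # process in time order, whatever order the log was read in

    recent = defaultdict(deque)  # src -> (time, target) pairs inside the window
    flagged = {}
    for ts, src, target in events:
        q = recent[src]
        q.append((ts, target))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop probes that fell out of the window
        distinct = len({t for _, t in q})  # a set ignores probe order
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, n in find_sweeps(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {n} distinct host/port targets within 60 s")
```

The window length and target threshold are tuning parameters; set them against the normal fan-out of your own servers and management hosts.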

Webping

This Perl script uses Netcat to connect to systems and determine whether they are vulnerable to the IISHACK and/or the MDAC attack. IISHACK detection is maybe 50% accurate, while MDAC detection is over 90%. You’ll need to have Netcat in your path, and if you run the script under Unix you’ll need to edit the script, changing the word “type” to “cat”.
