Scanners ⑴ NSS (Network Security Scanner)
NSS is written in Perl. Its most fundamental value lies in its speed; it runs very fast, and it can perform the following routine checks:
■ Sendmail
■ Anonymous FTP
■ NFS exports
■ TFTP
■ Hosts.equiv
■ Xhost
Note: Unless you hold the highest privileges, NSS will not let you run the Hosts.equiv check.
With NSS, users can add more powerful features, including:
■ AppleTalk scanning
■ Novell scanning
■ LAN administrator scanning
■ Subnet scanning
Simply put, the steps NSS performs include:
■ Obtaining a listing of the specified domain, or reporting that the domain has no such listing
■ Using the ping command to determine whether the specified host is alive
■ Scanning the target host's ports
■ Reporting the vulnerabilities at the specified address
Although NSS is not discussed exhaustively here, I want to point out a few minor issues:
■ After unpacking NSS you cannot run it immediately; it needs some modification, and some environment variables must be set to suit your machine's configuration. The main variables include:
■ $TmpDir: the temporary directory NSS uses
■ $YPX: the directory of the ypx application
■ $PING: the directory of the executable ping command
■ $XWININFO: the directory of xwininfo
Tip: If your Perl include directory (the directory holding the Perl include files) is hidden and not part of the PATH environment variable, you need to add that directory; also note that NSS requires the ftplib.pl library. NSS has parallel capability and can run distributed scans across many workstations. It can also fork processes. On machines with limited resources (or where you are not permitted to run NSS) this should be avoided; there is an option for it in the code.
You can find a copy of NSS at: http://www.giga.or.at/pub/hacker/unix
⑵ Strobe (Super Optimized TCP Port Detector)
strobe is a TCP port scanner that records all open ports on the specified machine. strobe is fast (its author claims that in a moderate amount of time it can scan the machines of an entire country).
strobe's main feature is that it quickly identifies which services are running on the specified machine. Its main shortcoming is that this information is very limited: at best, a strobe run gives an "intruder" a rough guide to which services could be attacked. However, strobe makes up for this with extended command-line options. For example, when scanning a host with a large number of specified ports, you can suppress all duplicate port descriptions (printing only the first definition of each port). Other options include:
■ Defining the starting and ending ports
■ Defining how long to wait without a response from a port or host before the scan is terminated
■ Defining the socket number to use
■ Defining a file of target hosts for strobe to capture
A copy of strobe can be found at: http://sunsite.kth.se/linux/system/network/admin/
Tip: When you obtain strobe you also get its manual page, which describes a known problem on Solaris 2.3; to prevent it, you must disable the use of getpeername(). Adding the -g flag on the command line does this.
Also, although strobe does not test the remote host extensively, the traces it leaves are as obvious as those of the early ISS: a host scanned by strobe knows all about it (much like the connection requests recorded in the /var/adm/messages file).
⑶ SATAN (Security Administrator's Tool for Analyzing Networks)
SATAN is designed for UNIX and is written mainly in C and Perl (with some HTML for a friendlier user interface). It runs on many UNIX-like platforms; some need no porting at all, and others need only minor porting.
Note: Running SATAN on Linux has a particular problem: certain rules that apply to the original system cause a fatal flaw on the Linux platform that can bring the system down; the select() call in the tcp-scan module also causes problems; and finally, if a user scans a complete subnet, it triggers a reverse fping explosion, that is, a socket buffer overflow. However, one site contains not only an improved SATAN binary for Linux but also the diff file; these items can be found at ftp.lod.com, or the diff file can be obtained directly from the Sun site (sunsite.unc.edu):
/pub/linux/system/network/admin/satan-linux.1.1.1.diff.gz
SATAN scans remote hosts for many known vulnerabilities, including but not limited to the following:
■ FTPD vulnerabilities and writable FTP directories
■ NFS vulnerabilities
■ NIS vulnerabilities
■ RSH vulnerabilities
■ Sendmail
■ X server vulnerabilities
You can get a copy of SATAN at: http://www.fish.com
Installation
SATAN is installed like any other application. The SATAN directory may differ slightly from platform to platform, but it is generally /satan-1.1.1. The first installation step (after reading the documentation) is to run the Perl program reconfig. This program searches for the various components and defines the directory paths. If it cannot find or define a browser, it fails; users whose browser is installed in a non-standard directory (and not set in the PATH) will have to set it by hand. Likewise, users without DNS (not running DNS on their own machine) must make the following setting in /satan-1.1.1/conf/satan.cf: $dont_use_nslookup=1; Once all path problems are resolved, users can run the installation program for their distribution (IRIX or SunOS). I recommend watching the compilation very carefully to catch errors.
Tip: SATAN needs somewhat more resources than the average scanner, especially in terms of memory and processor power. If SATAN runs slowly for you, there are several things to try. The most direct fix is to add memory and processor power, but if that is not possible, I suggest two approaches: first, kill as many other processes as you can; second, limit the number of hosts scanned at one time to fewer than 100. Finally, and importantly, for hosts without strong video support or with limited memory, SATAN has a command-line interface.
⑷ Jakal
Jakal is a stealth scanner; that is, it can scan a region (behind a firewall) without leaving any traces.
A stealth scanner works by producing "half scans": it initiates (but never completes) the SYN/ACK exchange with the target host. Essentially, a stealth scanner bypasses the firewall and evades port-scan detectors to identify which services are running behind the firewall (this includes sophisticated scan detectors such as Courtney and Gabriel).
A copy of Jakal, written by Half life, Jeff (PhiJi) Fay and Abdullah Marahie, can be found at: http://www.giga.or.at.pub/hacker/unix
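The difference between the footprint strobe leaves (completed connections a host can log) and Jakal's half scans (handshakes that are never completed) is what a scan detector has to account for. The following is an added example, not code from this page or from any of the scanners it describes: a small detector that replays a constructed list of TCP events and separates full-connect scans from half-open scans per source. The event format, the sample addresses and the threshold are all assumptions made for the example.

```python
from collections import defaultdict

def _handshake(src, port, final):
    """Three packets of one TCP exchange as (src, dst_port, flag) tuples."""
    return [(src, port, "SYN"), (src, port, "SYN/ACK"), (src, port, final)]

# Constructed sample traffic (not a real capture):
# 10.0.0.5 completes handshakes on five ports (full-connect scan, would be logged)
# 10.0.0.9 answers each SYN/ACK with RST instead of ACK (half-open scan, not logged)
# 10.0.0.7 is an ordinary client completing a single connection.
SAMPLE_EVENTS = []
for _p in (21, 23, 25, 80, 110):
    SAMPLE_EVENTS += _handshake("10.0.0.5", _p, "ACK")
    SAMPLE_EVENTS += _handshake("10.0.0.9", _p, "RST")
SAMPLE_EVENTS += _handshake("10.0.0.7", 80, "ACK")

def classify_connections(events):
    """Track each (src, port) handshake and record whether it completed.

    Returns {src: {"full": {ports}, "half": {ports}}}. A SYN/ACK that is
    answered with RST, or never answered at all, counts as half-open."""
    pending = {}                                   # (src, port) -> last flag
    seen = defaultdict(lambda: {"full": set(), "half": set()})
    for src, port, flag in events:
        key = (src, port)
        if flag == "SYN":
            pending[key] = "SYN"
        elif flag == "SYN/ACK" and pending.get(key) == "SYN":
            pending[key] = "SYN/ACK"
        elif flag == "ACK" and pending.get(key) == "SYN/ACK":
            seen[src]["full"].add(port)            # handshake completed
            del pending[key]
        elif flag == "RST" and pending.get(key) == "SYN/ACK":
            seen[src]["half"].add(port)            # torn down before completing
            del pending[key]
    for (src, port), flag in pending.items():      # SYN/ACK left unanswered
        if flag == "SYN/ACK":
            seen[src]["half"].add(port)
    return dict(seen)

def flag_scanners(events, threshold=5):
    """Sources that touched at least `threshold` distinct ports, with scan style."""
    hits = []
    for src, ports in sorted(classify_connections(events).items()):
        if len(ports["full"]) >= threshold:
            hits.append((src, "full-connect"))
        if len(ports["half"]) >= threshold:
            hits.append((src, "half-open"))
    return hits
```

Because a half-open scan never produces an accepted connection, a detector that only reads connection logs such as /var/adm/messages would see the first source and miss the second; packet-level state tracking catches both.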
⑸ IdentTCPscan
IdentTCPscan is a more specialized scanner that adds the ability to identify the owner of the process listening on a specified TCP port; that is, it can determine the process's UID. A copy can be found at: http://www.giga.or.at/pub/hacker/unix
⑹ CONNECT
CONNECT is a bin/sh program whose purpose is to scan subnets for TFTP servers. A copy is available at: http://www.giga.or.at/pub/hacker/unix/
⑺ FSPScan
FSPScan scans for FSP servers. FSP stands for File Service Protocol, an Internet protocol very similar to FTP. It provides anonymous file transfer and is said to have network overload protection (for example, FSP never forks). FSP's best-known security feature is probably that it records the hostname of every incoming user; this is considered superior to FTP, because FTP only asks for the user's e-mail address (and in fact does not record it at all). FSP is quite popular, and GUI clients have now been developed for Windows and OS/2. It can be found at: http://www.giga.or.at/pub/hacker/unix
⑻ XSCAN
XSCAN scans a subnet (or host) for X server weaknesses. At first glance this may not seem very important, since most other scanners can do the same job. However, XSCAN includes an added feature: if it finds a vulnerable target, it immediately begins logging.
XSCAN's other advantages include scanning multiple hosts at once. These hosts can be typed on the command line as arguments (and you can mix and match, specifying both hosts and subnets). It can be found at: http://www.giga.or.at/pub/hacker/unix