Network scanning: using THC-Amap
Posted on 2012-9-11 00:24:01

As a tool that goes beyond NMAP, and the first one able to scan IPv6, please recite the text below 10,000 times. Thank you.
Scanning MSFTAB

Comparison with NMAP

Scanning port 22:

Amap
root@Dis9Team:~# amap -bqv 1.1.1.61 22
Using trigger file /pen/scanner/amap/etc/appdefs.trig ... loaded 30 triggers
Using response file /pen/scanner/amap/etc/appdefs.resp ... loaded 346 responses
Using trigger file /pen/scanner/amap/etc/appdefs.rpc ... loaded 450 triggers

amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 13:52:03 - APPLICATION MAPPING mode

Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on 1.1.1.61:22/tcp matches ssh - banner: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\n
Protocol on 1.1.1.61:22/tcp matches ssh-openssh - banner: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\n

amap v5.4 finished at 2012-06-25 13:52:12
root@Dis9Team:~#
NMAP
root@Dis9Team:~# nmap -T5 -sV 1.1.1.61 -p 22

Starting Nmap 5.21 ( http://nmap.org ) at 2012-06-25 13:53 PDT
Nmap scan report for 1.1.1.61
Host is up (0.00033s latency).
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
MAC Address: 08:00:27:8C:D3:CA (Cadmus Computer Systems)
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
root@Dis9Team:~#

As you can see, Amap's output is more detailed.

Modes

Modes:
-A Map applications: send triggers and analyse responses (default)
-B Just grab banners, do not send triggers
-P No banner or application stuff - be a (full connect) port scanner
Three modes: -P generally only checks whether the port is open; -B shows the detailed information (the banner); -A also checks whether the port is open, but is more detailed than an ordinary TCP scan (such as -P).
Demonstration:

-A
root@Dis9Team:~# amap -A 1.1.1.61 22
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 13:59:43 - APPLICATION MAPPING mode

Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh

-B
root@Dis9Team:~# amap -B 1.1.1.61 22
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:00:06 - BANNER mode

Banner on 1.1.1.61:22/tcp : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\n

amap v5.4 finished at 2012-06-25 14:00:06
root@Dis9Team:~#

-P
root@Dis9Team:~# amap -P 1.1.1.61 22
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:00:25 - PORTSCAN mode

Port on 1.1.1.61:22/tcp is OPEN

amap v5.4 finished at 2012-06-25 14:00:25
root@Dis9Team:~#
Other options: -b, show the banner

Roughly equivalent to curl -I

root@Dis9Team:~# amap -b 1.1.1.61 80
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:03:19 - APPLICATION MAPPING mode

Protocol on 1.1.1.61:80/tcp matches http - banner: HTTP/1.1 200 OK\r\nDate Mon, 25 Jun 2012 210319 GMT\r\nServer Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch\r\nLast-Modified Wed, 17 Mar 2010 140825 GMT\r\nETag "107f7-2d-481ffa5ca8840"\r\nAccept-Ranges bytes\r\nContent-Length 45\r\nConn
Protocol on 1.1.1.61:80/tcp matches http-apache-2 - banner: HTTP/1.1 200 OK\r\nDate Mon, 25 Jun 2012 210319 GMT\r\nServer Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch\r\nLast-Modified Wed, 17 Mar 2010 140825 GMT\r\nETag "107f7-2d-481ffa5ca8840"\r\nAccept-Ranges bytes\r\nContent-Length 45\r\nConn
-u UDP scan
root@Dis9Team:~# amap -u 1.1.1.61 1-60000
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:04:48 - APPLICATION MAPPING mode

Warning: Could not connect to 1.1.1.61:1/udp, disabling port
Warning: Could not connect to 1.1.1.61:2/udp, disabling port
Warning: Could not connect to 1.1.1.61:3/udp, disabling port
Warning: Could not connect to 1.1.1.61:4/udp, disabling port
Warning: Could not connect to 1.1.1.61:5/udp, disabling port
Warning: Could not connect to 1.1.1.61:6/udp, disabling port
Warning: Could not connect to 1.1.1.61:40/udp, disabling port
Warning: Could not connect to 1.1.1.61:41/udp, disabling port
Warning: Could not connect to 1.1.1.61:39/udp, disabling port
Warning: Could not connect to 1.1.1.61:42/udp, disabling port
Warning: Could not connect to 1.1.1.61:43/udp, disabling port
Protocol on 1.1.1.61:53/udp matches dns-djb
--more--
-d show detailed information (a hex dump of each identified response)
root@Dis9Team:~# amap -d 1.1.1.61 22 80
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:07:32 - APPLICATION MAPPING mode

Protocol on 1.1.1.61:80/tcp matches http
Dump of identified response from 1.1.1.61:80/tcp (by trigger http):
0000:  4854 5450 2f31 2e31 2032 3030 204f 4b0d    [ HTTP/1.1 200 OK. ]
0010:  0a44 6174 653a 204d 6f6e 2c20 3235 204a    [ .Date: Mon, 25 J ]
0020:  756e 2032 3031 3220 3231 3a30 373a 3332    [ un 2012 21:07:32 ]
0030:  2047 4d54 0d0a 5365 7276 6572 3a20 4170    [  GMT..Server: Ap ]
0040:  6163 6865 2f32 2e32 2e38 2028 5562 756e    [ ache/2.2.8 (Ubun ]
0050:  7475 2920 5048 502f 352e 322e 342d 3275    [ tu) PHP/5.2.4-2u ]
0060:  6275 6e74 7535 2e31 3020 7769 7468 2053    [ buntu5.10 with S ]
0070:  7568 6f73 696e 2d50 6174 6368 0d0a 4c61    [ uhosin-Patch..La ]
0080:  7374 2d4d 6f64 6966 6965 643a 2057 6564    [ st-Modified: Wed ]
0090:  2c20 3137 204d 6172 2032 3031 3020 3134    [ , 17 Mar 2010 14 ]
00a0:  3a30 383a 3235 2047 4d54 0d0a 4554 6167    [ :08:25 GMT..ETag ]
00b0:  3a20 2231 3037 6637 2d32 642d 3438 3166    [ : "107f7-2d-481f ]
00c0:  6661 3563 6138 3834 3022 0d0a 4163 6365    [ fa5ca8840"..Acce ]
00d0:  7074 2d52 616e 6765 733a 2062 7974 6573    [ pt-Ranges: bytes ]
00e0:  0d0a 436f 6e74 656e 742d 4c65 6e67 7468    [ ..Content-Length ]
00f0:  3a20 3435 0d0a 436f 6e6e 6563 7469 6f6e    [ : 45..Connection ]
0100:  3a20 636c 6f73 650d 0a43 6f6e 7465 6e74    [ : close..Content ]
0110:  2d54 7970 653a 2074 6578 742f 6874 6d6c    [ -Type: text/html ]
0120:  0d0a 0d0a 3c68 746d 6c3e 3c62 6f64 793e    [ ....<html><body> ]
0130:  3c68 313e 4974 2077 6f72 6b73 213c 2f68    [ <h1>It works!</h ]
0140:  313e 3c2f 626f 6479 3e3c 2f68 746d 6c3e    [ 1></body></html> ]
0150:  0a                                         [ .                ]
Protocol on 1.1.1.61:80/tcp matches http-apache-2
Dump of identified response from 1.1.1.61:80/tcp (by trigger http):
0000:  4854 5450 2f31 2e31 2032 3030 204f 4b0d    [ HTTP/1.1 200 OK. ]
0010:  0a44 6174 653a 204d 6f6e 2c20 3235 204a    [ .Date: Mon, 25 J ]
0020:  756e 2032 3031 3220 3231 3a30 373a 3332    [ un 2012 21:07:32 ]
0030:  2047 4d54 0d0a 5365 7276 6572 3a20 4170    [  GMT..Server: Ap ]
0040:  6163 6865 2f32 2e32 2e38 2028 5562 756e    [ ache/2.2.8 (Ubun ]
0050:  7475 2920 5048 502f 352e 322e 342d 3275    [ tu) PHP/5.2.4-2u ]
0060:  6275 6e74 7535 2e31 3020 7769 7468 2053    [ buntu5.10 with S ]
0070:  7568 6f73 696e 2d50 6174 6368 0d0a 4c61    [ uhosin-Patch..La ]
0080:  7374 2d4d 6f64 6966 6965 643a 2057 6564    [ st-Modified: Wed ]
0090:  2c20 3137 204d 6172 2032 3031 3020 3134    [ , 17 Mar 2010 14 ]
00a0:  3a30 383a 3235 2047 4d54 0d0a 4554 6167    [ :08:25 GMT..ETag ]
00b0:  3a20 2231 3037 6637 2d32 642d 3438 3166    [ : "107f7-2d-481f ]
00c0:  6661 3563 6138 3834 3022 0d0a 4163 6365    [ fa5ca8840"..Acce ]
00d0:  7074 2d52 616e 6765 733a 2062 7974 6573    [ pt-Ranges: bytes ]
00e0:  0d0a 436f 6e74 656e 742d 4c65 6e67 7468    [ ..Content-Length ]
00f0:  3a20 3435 0d0a 436f 6e6e 6563 7469 6f6e    [ : 45..Connection ]
0100:  3a20 636c 6f73 650d 0a43 6f6e 7465 6e74    [ : close..Content ]
0110:  2d54 7970 653a 2074 6578 742f 6874 6d6c    [ -Type: text/html ]
0120:  0d0a 0d0a 3c68 746d 6c3e 3c62 6f64 793e    [ ....<html><body> ]
0130:  3c68 313e 4974 2077 6f72 6b73 213c 2f68    [ <h1>It works!</h ]
0140:  313e 3c2f 626f 6479 3e3c 2f68 746d 6c3e    [ 1></body></html> ]
0150:  0a                                         [ .                ]
Protocol on 1.1.1.61:22/tcp matches ssh
Dump of identified response from 1.1.1.61:22/tcp (by trigger http):
0000:  5353 482d 322e 302d 4f70 656e 5353 485f    [ SSH-2.0-OpenSSH_ ]
0010:  342e 3770 3120 4465 6269 616e 2d38 7562    [ 4.7p1 Debian-8ub ]
0020:  756e 7475 310a                             [ untu1.           ]
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
Dump of identified response from 1.1.1.61:22/tcp (by trigger http):
0000:  5353 482d 322e 302d 4f70 656e 5353 485f    [ SSH-2.0-OpenSSH_ ]
0010:  342e 3770 3120 4465 6269 616e 2d38 7562    [ 4.7p1 Debian-8ub ]
0020:  756e 7475 310a                             [ untu1.           ]

Unidentified ports: none.

amap v5.4 finished at 2012-06-25 14:07:38
root@Dis9Team:~#
-v verbose: show each port's service, together with the trigger that matched it
root@Dis9Team:~# amap -v 1.1.1.61 22 80 445
Using trigger file /pen/scanner/amap/etc/appdefs.trig ... loaded 30 triggers
Using response file /pen/scanner/amap/etc/appdefs.resp ... loaded 346 responses
Using trigger file /pen/scanner/amap/etc/appdefs.rpc ... loaded 450 triggers

amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:08:19 - APPLICATION MAPPING mode

Total amount of tasks to perform in plain connect mode: 69
Protocol on 1.1.1.61:80/tcp (by trigger http) matches http
Protocol on 1.1.1.61:80/tcp (by trigger http) matches http-apache-2
Protocol on 1.1.1.61:22/tcp (by trigger http) matches ssh
Protocol on 1.1.1.61:22/tcp (by trigger http) matches ssh-openssh
Protocol on 1.1.1.61:445/tcp (by trigger netbios-session) matches mysql
Protocol on 1.1.1.61:445/tcp (by trigger netbios-session) matches netbios-session
Protocol on 1.1.1.61:445/tcp (by trigger ms-ds) matches ms-ds
Waiting for timeout on 9 connections ...

Unidentified ports: none.

amap v5.4 finished at 2012-06-25 14:08:31
root@Dis9Team:~#
-q, do not show ports that could not be identified
root@Dis9Team:~# amap -q 1.1.1.61 22 1-60000
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:10:41 - APPLICATION MAPPING mode

Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
Protocol on 1.1.1.61:23/tcp matches telnet
Protocol on 1.1.1.61:80/tcp matches http
Protocol on 1.1.1.61:80/tcp matches http-apache-2
Protocol on 1.1.1.61:25/tcp matches smtp
Protocol on 1.1.1.61:21/tcp matches ftp
Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
Protocol on 1.1.1.61:3306/tcp matches mysql
Protocol on 1.1.1.61:8180/tcp matches http
Protocol on 1.1.1.61:8180/tcp matches http-apache-2
-o save the results to a file
root@Dis9Team:~# amap -q 1.1.1.61 22 1-22 -o /tmp/port
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:11:30 - APPLICATION MAPPING mode

Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
Protocol on 1.1.1.61:21/tcp matches ftp
Protocol on 1.1.1.61:21/tcp matches smtp
Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh

amap v5.4 finished at 2012-06-25 14:11:37
root@Dis9Team:~# head /tmp/port
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:11:30 - MAPPING mode
Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
Protocol on 1.1.1.61:21/tcp matches ftp
Protocol on 1.1.1.61:21/tcp matches smtp
Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:22/tcp matches ssh-openssh
amap v5.4 finished at 2012-06-25 14:11:37
root@Dis9Team:~#
-C number of reconnect attempts; the default is 3, but you can set it to 10, for example: -C 10
-t timeout; the default is 5, set it to 30 when scanning hosts abroad, for example: -t 30

Port specification
Specifying individual ports:
root@Dis9Team:~# amap -bqv 1.1.1.61 22 80 3389

Specifying a range:
root@Dis9Team:~# amap -bqv 1.1.1.61 1-60000

操千曲而后晓声,观千剑而后识器。
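The "Protocol on ... matches ..." lines amap prints (and writes with -o) are easy to post-process once a scan has finished. The script below is an added example; it is not code from this post or from the THC-Amap project. It assumes amap's default text output format as shown in the post, and runs over a constructed sample modelled on that output (the HTTP banner line carrying a Server: header is made up for the example; amap escapes line breaks in banners as a literal \r\n, as in the -b output above). It groups matches per port, collapses generic/specific pairs such as ssh and ssh-openssh to the specific name, flags ports where the fingerprints disagree (port 445 above, reported as mysql, netbios-session and ms-ds at once, is exactly the case to verify by hand), and extracts the Server: header from an HTTP banner, which is what you would compare against the list of services that are supposed to be exposed on that host.

```python
"""Turn THC-Amap output into a per-port service inventory.

Added example; not code from the original post or from the amap project.
It assumes the default text format amap prints (and writes with -o):
  Protocol on HOST:PORT/PROTO [(by trigger T)] matches SERVICE [ - banner: ...]
"""
import re

# One "matches" line.  The trigger part appears with -v, the banner with -b;
# both are optional.
MATCH_RE = re.compile(
    r"^Protocol on (?P<host>.+?):(?P<port>\d+)/(?P<proto>tcp|udp)"
    r"(?: \(by trigger (?P<trigger>[^)]+)\))? matches (?P<service>\S+)"
    r"(?: - banner: (?P<banner>.*))?$"
)

# Constructed sample: lines shaped like the post's output.  The HTTP banner
# line is made up for the example; amap writes CR/LF in banners as literal \r\n.
SAMPLE_OUTPUT = """\
amap v5.4 (www.thc.org/thc-amap) started at 2012-06-25 14:08:19 - APPLICATION MAPPING mode
Using trigger file /pen/scanner/amap/etc/appdefs.trig ... loaded 30 triggers
Protocol on 1.1.1.61:80/tcp (by trigger http) matches http - banner: HTTP/1.1 200 OK\\r\\nServer: Apache/2.2.8 (Ubuntu)\\r\\nContent-Length: 45\\r\\n
Protocol on 1.1.1.61:80/tcp (by trigger http) matches http-apache-2
Protocol on 1.1.1.61:22/tcp matches ssh - banner: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\\n
Protocol on 1.1.1.61:22/tcp matches ssh-openssh - banner: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\\n
Protocol on 1.1.1.61:22/tcp matches ssh
Protocol on 1.1.1.61:445/tcp (by trigger netbios-session) matches mysql
Protocol on 1.1.1.61:445/tcp (by trigger netbios-session) matches netbios-session
Protocol on 1.1.1.61:445/tcp (by trigger ms-ds) matches ms-ds
Protocol on 1.1.1.61:53/udp matches dns-djb
Warning: Could not connect to 1.1.1.61:1/udp, disabling port
Unidentified ports: none.
amap v5.4 finished at 2012-06-25 14:08:31
"""


def _clean_banner(banner):
    """Drop the trailing escaped line breaks amap appends to a banner."""
    while banner.endswith("\\n") or banner.endswith("\\r"):
        banner = banner[:-2]
    return banner


def parse_amap(text):
    """Group amap 'matches' lines by (host, port, proto).

    Each value holds the distinct services named for that port, the triggers
    that produced them and the first banner seen.  Header, warning and
    'Unidentified ports' lines are skipped.
    """
    inventory = {}
    for raw in text.splitlines():
        m = MATCH_RE.match(raw.strip())
        if not m:
            continue
        key = (m["host"], int(m["port"]), m["proto"])
        entry = inventory.setdefault(
            key, {"services": [], "triggers": set(), "banner": None}
        )
        # amap reports a port again when it is listed twice (22 and 1-60000),
        # so keep each service name only once.
        if m["service"] not in entry["services"]:
            entry["services"].append(m["service"])
        if m["trigger"]:
            entry["triggers"].add(m["trigger"])
        if m["banner"] and entry["banner"] is None:
            entry["banner"] = _clean_banner(m["banner"])
    return inventory


def most_specific(services):
    """Collapse generic/specific pairs (ssh + ssh-openssh) to the specific name.

    Whatever remains is not a refinement of another match, so more than one
    result means the fingerprints disagree (mysql + netbios-session + ms-ds).
    """
    return [
        s for s in services
        if not any(o != s and o.startswith(s + "-") for o in services)
    ]


def http_server_header(banner):
    """Return the value of the Server: header in an HTTP banner, if present."""
    if not banner:
        return None
    for field in banner.split("\\r\\n"):
        if field.lower().startswith("server:"):
            return field.split(":", 1)[1].strip()
    return None


def inventory_report(text):
    """One row per port: (host, port, proto, services, conflicting, banner, server)."""
    rows = []
    for (host, port, proto), e in sorted(parse_amap(text).items()):
        best = most_specific(e["services"])
        rows.append((host, port, proto, best, len(best) > 1,
                     e["banner"], http_server_header(e["banner"])))
    return rows


if __name__ == "__main__":
    for host, port, proto, best, conflict, banner, server in inventory_report(SAMPLE_OUTPUT):
        flag = "  <-- conflicting fingerprints, verify by hand" if conflict else ""
        print(f"{host}:{port}/{proto:<4} {','.join(best):<32}{flag}")
        if server:
            print(f"    Server: {server}")
```

Feed it the file written with -o (or a saved terminal session) and diff the resulting rows against what the host is supposed to expose; a port with a conflicting row, or a Server: header that does not match the build you deployed, is the thing to look at first.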
Posted on 2016-3-15 11:06:17
Is the speed of an Amap scan related to the target host's firewall?
