- I-Nmap ichonga amazibuko, iinkonzo, kunye nenkqubo yokusebenza ukulinganisa ukuvezwa.
- vula/ivaliweyo/ehluziweyo ithi isikhokelo somlilo kunye nezigqibo ezinzima.
- I-NSE kunye neZenmap zandisa ukubonakala; basebenzise ngeenqobo zokuziphatha kunye nolawulo.
Ukuba unexhala malunga nomphezulu wohlaselo lwenethiwekhi yakho, uphicotho lwamazibuko kunye neenkonzo lujongo lokuqala lokhuseleko ekufuneka uyenzile. Ngee-odolo ezimbalwa ezikhethwe kakuhle, unokufumanisa ngemizuzu into oyivezayo.Zeziphi iingozi ozibekayo, kwaye iingxaki zinokuvela phi? Awudingi ukuba yi-guru: kunye nesikhokelo esicacileyo kunye nezixhobo zasimahla, oku kukhangela iqhekeza lekhekhe.
Nangona kunjalo, kubalulekile ukugcina iingcamango ezimbini engqondweni: Ijonga kuphela iinkqubo ozilawulayo okanye onemvume yokufikelela.Kwaye khumbula, ukufumanisa akufani nokuxhaphaza. Apha uya kufunda ukubona into evulekileyo, uqaphele iinkonzo, kwaye uqinise ukhuseleko, hayi indlela yokubeka esichengeni iinkqubo zabanye abantu. Ngokucacileyo, makhe sehle siye kwishishini ngesi sikhokelo sendlela yokuphicotha amazibuko kunye neenkonzo zakho eziveziweyo.
Kuthetha ukuthini ukuskena kwezibuko (kwaye kutheni kukwenza oko)
Izibuko yindawo yokungena/yokuphuma enengqiqo kwidilesi ye IP. Nazi 65.535 izibuko ze-TCP/UDP ngedilesi nganye Kwaye nganye inokuvulwa, ivalwe, okanye ihluzwe nge-firewall. Umhlaseli owenza iskeni esicwangcisiweyo angachonga ngemizuzwana ukuba zeziphi iinkonzo ozipapashayo kunye nenguqulelo.
Loo maphu inokuveza ngaphezu kokuba ucinga: inkonzo metadata, iinguqulelo ezinebugs ezaziwayo, okanye imikhondo yendlela yokusebenzaUkuba umntu ufumana ukufikelela ngenkonzo elityelweyo okanye engalunganga, banokunyusa uhlaselo lwabo kwaye badibanise amagama ayimfihlo, iifayile kunye nezixhobo.
Ukunciphisa ukuvezwa, umthetho wegolide ulula: Sukuvula amazibuko amaninzi kunokuba kuyimfuneko, kwaye ujonge amaxesha ngamaxesha afunayo.Imikhwa embalwa (i-scans, i-firewall, uhlaziyo) iyawunciphisa kakhulu umngcipheko.
Izixhobo ezifana ne-Nmap/Zenmap, i-TCPing, okanye izisombululo zohlalutyo zenethiwekhi ezinamandla ngakumbi ziyanceda kulo msebenzi. I-Nmap ngumgangatho we-de facto I-Zenmap igqame ngokuchaneka kwayo, iindlela ezahlukeneyo zobuchule, kunye nenjini yokubhala, kwaye ibonelela ngomzobo womzobo kwabo bakhetha ukuyiphepha ikhonsoli.
Isebenza njani iNmap (Izinto eziBalulekileyo ekufuneka uzazi)
I-Nmap ifumanisa izixhobo kunye neenkonzo kuthungelwano lwasekhaya kunye ne-Intanethi, kwaye inakho chonga amazibuko, uguqulelo lwenkonzo, kwaye uqikelele inkqubo yokusebenzaI-cross-platform (i-Linux, i-Windows, i-macOS) kwaye ixhasa i-IPv4 kunye ne-IPv6, iyasebenza kuzo zombini iithagethi ezimbalwa kunye noluhlu olukhulu.
Amazibuko avela kunye namazwe abalulekileyo ukuqonda: vula (inkonzo imamele), ivaliwe (iyafikeleleka kodwa akukho nkonzo), kwaye ihluziwe (i-firewall ithintela ukwazi)Ngokuxhomekeke kubuchule, banokubonakala bedibene njenge vula|hluziwe o ivaliwe|hluziwe.
Ngokubhekiselele kubuchule, ixhasa i-TCP SYN (ekhawulezayo neyingqondi) iskena, i-TCP iqhagamshele (uqhagamshelo olupheleleyo), i-UDP, kunye neendlela ezingaqhelekanga ezifana FIN, NULL, Xmas, ACK okanye SCTPKwakhona yenza ukufunyanwa kwenginginya usebenzisa i-TCP/UDP/ICMP pings kwaye ilandelela imizila yenethiwekhi.
Ukongeza kwi-inventri, i-Nmap idibanisa NSE (Nmap Scripting Engine) Kuvavanyo oluzenzekelayo: ukusuka kuluhlu olusisiseko ukuya kuqwalaselo loqwalaselo kwaye, ngononophelo olukhulu, ukuskena ukuba sesichengeni. Ngalo lonke ixesha sebenzisa ngokusesikweni.
Ukufakela kunye nokusekwa kwimizuzu
KwiLinux, iNmap ikwindawo yokugcina izinto, ke yonke into oyifunayo yi sudo apt install nmap (Debian/Ubuntu) okanye umyalelo olinganayo we-distro yakho. Vula umphathi wepakethe kwaye ulungele konke.Yinto eqinisekileyo.
KwiWindows kunye neMacOS, yikhuphele kwiwebhusayithi yayo esemthethweni kwaye ugcwalise iwizard. Ufakelo luthe ngqo Kwaye, ukuba uyathanda, unokongeza iZenmap ngamava omzobo ngeeprofayile zokuskena ezichazwe kwangaphambili.
Izikena ezikhawulezayo nezisebenzayo: imiyalelo oyidinga ngokwenene
Ukujonga ngokukhawuleza umamkeli: nmap Le profayile ijonga amazibuko aqhelekileyo kwaye ikubonisa ukuba zeziphi ezivuliweyo. Ilungile njengefoto yokuqala ngaphambi kokungena nzulu.
Ukuba ufuna ukunciphisa izibuko: nmap -p 20-200 192.168.1.2Ungadwelisa ezikhethekileyo (-p 22,80,443) okanye nkqu wonke umntu (-p 1-65535), esazi ukuba kuya kuthatha ixesha elide.
Ukufunda ngeenkonzo kunye neenguqulelo, yongeza -sV, kunye ne Khangela inkqubo yokusebenza, -O (ngcono ngamalungelo): nmap -sV -O 192.168.1.2Ukuba ufuna ukuya "i-throttle epheleleyo," iprofayili -A idibanisa -sV, -Oimibhalo engagqibekanga kunye --traceroute.
Ingaba ikhona i-firewall? Zama iindlela ezinceda ekuhleleni ukuhluza, njenge -sA (ACK) okanye iindlela zokufumanisa kunye -PS/-PA/-PU/-PE. Kuthungelwano olukhulu kakhuluLungisa isantya nge -T0..-T5 kwaye imida amazibuko nge --top-ports.
Ukufunyanwa komamkeli kunye nokukhetha okujoliswe kuko
Ukufumanisa ukuba yintoni ephilayo kwi-subnet ungasebenzisa i-ping-scan: nmap -sn 192.168.1.0/24. Uya kufumana uluhlu lwezixhobo ezisebenzayo kwaye ungajolisa ukudubula kwakho kwabo banomdla kuwe.
Ukuba ulawula uluhlu olukhulu, sebenzisa -iL ukufunda iithagethi kwifayile kunye --exclude o --excludefile ukuphepha into engafanele ichukunyiswe. Randomize ababuki zindwendwe nge --randomize-hosts Inokuba luncedo kuxilongo oluthile.
Ukutolika iziphumo njengengcali
Ukuba izibuko evulekileyo Ibonisa inkonzo yokuphulaphula kunye nomphezulu onokwenzeka. kuvaliwe Ibonisa ukuba umamkeli uyaphendula, kodwa akukho nkonzo; luncedo kubhaqo lwe-OS kunye nokwenza isigqibo sokuba kuhluzwe ngodonga lomlilo. Icociwe Oku kubonisa ukuba ulawulo oluphakathi luyavalela okanye aluphenduli, ke iNmap ayinakuqinisekisa urhulumente.
Khumbula ukuba Ukufunyanwa kwe-OS akunampazamoKuxhomekeke kwi-latency, iminwe, kunye nezixhobo eziphakathi. Yisebenzise njengesikhokelo, kungekhona njengenyaniso epheleleyo.
I-NSE: Izikripthi eziluncedo kunye nokusetyenziswa ngokufanelekileyo
Amaqela e-NSE abhala ngokweendidi: Engagqibekanga (esisiseko), auth (uqinisekiso), Ukufumanisa (ukuqaphela), Khu selekile (engaphazamisi), ngenelela (kusenokwenzeka ukuba kungxola), vuln (ukuhlolwa kokuba sesichengeni), i-malware/backdoor (iimpawu zokuzinikela) kunye nabanye. Ungababiza nge --script kwaye ugqithise iingxoxo kunye --script-args.
Kuyahenda ukuphosa yonke into phaya, kodwa uphephe ingxolo engeyomfuneko: izikripthi ezingagqibekanga kunye nezo zikudidi olukhuselekileyo Banikezela ukubonakala okuphezulu kunye nefuthe eliphantsi. Iimvavanyo ezijolise ekubeni sesichengeni zixabisekile, kodwa qinisekisa okufunyenweyo kwaye wenze ngobulumko ukuphepha iziphumo ezibubuxoki.
Kukho imibhalo ezama ukunyanzelisa iziqinisekiso okanye ukuvavanya iimeko ezinobundlobongela. Musa ukwenza izenzo eziphazamisayo ngaphandle kogunyaziso olucacileyoInciphisa ukusetyenziswa kwayo kwiisetingi zebhubhoratri okanye uqheliselo olulawulwayo ngemvume.
Iintlobo zokuskena ezifakiweyo
-sS (SYN): ngokukhawuleza kunye "nesiqingatha esivulekileyo", akugqibi ukuxhawula, kuluncedo kakhulu ekubaleni izibuko. Ibhalansi efanelekileyo phakathi kwesantya kunye neenkcukacha.
-sT (TCP qhagamshela)Isebenzisa isitaki senkqubo ukugqiba imidibaniso; kubonakala ngakumbi, kodwa akukho malungelo afunekayo phezulu.
-sU (UDP)Kubalulekile kwiinkonzo ezifana ne-DNS, SNMP, kunye ne-DHCP. Iyacotha ngenxa yobume be-UDP, ke chaza amazibuko okanye usebenzise --top-ports ukukhawulezisa.
Ezinye ezingaxhaphakanga kakhulu (FIN/NULL/Xmas/ACK, SCTP, IP protocol) inceda ukuhlela ukuhluza qonda ukuba i-firewall ihlola njaniZisebenzise njengenkxaso xa eyona ndlela iphambili ingacacisi amazwe.
Ukusebenza, iinkcukacha kunye nesiphumo seziphumo
Iiprofayili zexesha -T0..-T5 Balungisa i-cadence (i-paranoid, i-stealthy, eqhelekileyo, i-aggressive, i-madness). Qala nge-T3 kwaye ilungelelanise ngokwe-latency kunye nobukhulu obujoliswe kuyo.
Amanqanaba ezenzi -v kunye nokulungiswa kweempazamo -d Bakunceda ubone okwenzekayo ngexesha lokuskena. Kuba imikhondo emihle, --packet-trace Ibonisa iipakethi eziphumayo kwaye zibuye.
Ukugcina iziphumo: -oN (iyafundeka), -oX (XML), -oG (ukulungeleka) okanye -oA (zonke ngaxeshanye). Hlala uthumela ngaphandle ukuba uza kuthelekisa iskeni ekuhambeni kwexesha.
Kuthekani ngefirewall/IDS yokudlula?
I-Nmap inikeza iinketho ezinje -f (ukuqhekeka), ukukhohlisa (-D), kubuxoki idilesi yeIP yomthombo (-S), --g (izibuko lemvelaphi) okanye --spoof-mac. Ezi ziindlela eziphambili ezinempembelelo yomthetho kunye nokusebenzaUphicotho-zincwadi lokhuselo lwangaphakathi alufane lube yimfuneko; gxininisa ekubonakaleni kunye nokulungiswa.
I-Zenmap: Nmap enojongano lomzobo
IZenmap ibonelela ngeenkangeleko ezinje ngo "Quick Scan", "Intense", "TCP/UDP" kwaye ibonelela ngeethebhu ze Isiphumo seNmap, iZibuko/iiNkonzo, iTopology, iiNkcukacha, kunye nezikena ezigciniweyoIlungile ekubhalweni okufunyanisiweyo kunye nakwabo bafuna ukubona i-topology ngokucofa.
Ezinye izixhobo ezongezayo
Kwiinkqubo zasekuhlaleni, ss y netstat Zibonisa iziseko zokuphulaphula kunye namazibuko. Umzekelo, ss -tulnp Uluhlu lokumamela lwe-TCP/UDP kunye ne-PID, kwaye unokucoca nge-port okanye iprotocol. lsof -i Ikwaluncedo ekudibaniseni imidibaniso kwiinkqubo.
Ukujonga unxibelelwano kwizibuko elikude, telnet host puerto okanye abanye abathengi banokusebenza (ngenkathalo, ukusukela oko I-Telnet ayifihliI-Wireshark inceda ukubona i-traffic kwaye uqonde ukuba kutheni into ethile ingaphenduli okanye i-firewall iyihluza njani.
Phakathi kwezinye izinto, UMascan Ibalasele ngesantya sayo (izikena ezinkulu ngexesha elifutshane), Fing/Fingbox kwi-inventri ekhawulezayo kunye nolawulo lwasekhaya, Iscreen se-IP esinomsindo ngobulula bayo, kwaye WinMTR ukuxilonga iindlela kunye nokubambezeleka. Unyango Inamandla okulawula iipakethe kunye nokulinga.
Ukuba ukhetha into elula, i-TCPing ikuvumela ukuba ujonge ukufumaneka kwe-TCP ngokungathi ubunamazibuko e-pinging. Ilunge kakhulu xa kujongwa ixesha elinye.nangona ingathathi indawo yeskeni esipheleleyo.
Uphicotho lwenethiwekhi ye-WiFi
Nangona sihlala sicinga ngeengcingo, iNmap iluncedo nje ngaphandle kwamacingo. Chonga izixhobo eziqhagamshelwe kwi-routerIjonga i-mobile, i-IoT, kunye ne-AP port kwaye inceda ekuboneni ulungelelwaniso olubuthathaka (umzekelo, iinkonzo ezingeyomfuneko eziveziweyo).
Gcina ukhumbula i Uluhlu oluguquguqukayo lweDHCP kunye nodidi loguqulelo oluntsonkothileyo lwenethiwekhi. Idityaniswe nokubanjwa kweWireshark okanye iisuite ezifana neAircrack-ng kwiilebhu ezilawulwayo, uya kuba nomfanekiso opheleleyo wokusingqongileyo.
Izenzo ezilungileyo zokuqina
1) Ubuncinci beemfunoSukuvula nantoni na ongayi kuyisebenzisa. Ukuba inkonzo ayisafuneki, yicime kwaye uvale izibuko layo.
2) Ukucima umliloIhluza itrafikhi engenayo/ephumayo ngokusekelwe kwindima yesixhobo. Kwii-routers, ichaza imithetho ecacileyo kwaye inqande ukuhanjiswa okungafunekiyo. Iqinisekisa kwi-intanethi ukuba into ekufuneka ivaliwe ivaliwe.
3) UhlaziyoIsebenzisa iipetshi zenkqubo, i-router firmware, kunye neenkonzo ezipapashiweyo. Uninzi lokuyekelela lusebenzisa iinguqulelo ezindala ngee-CVEs ezaziwayo.
4) Ukubeka iliso: icwangcisa iskeni ngamaxesha kwaye igcina iziphumo kuyo -oA ngokuthelekisa. Ukuba izibuko libonakala belingekho ngaphambili, phanda ngotshintsho.
5) Imigaqo-nkqubo noqeqeshoKwiinkampani, chaza ukuba ngubani oskena, nini, kwaye ngeziphi iiprofayili. Ukuqeqesha abasebenzi ekusebenziseni uxanduva lwe-NSE kunye nolawulo lweziphumo, kunye neenkqubo zokulungisa amaxwebhu.
Izinto ezilungileyo kunye nezithintelo zeNmap
Egqibelele: Isimahla, ibhetyebhetye, kwaye inobuchule obuphezuluFumana izibuko, iinguqulelo, i-OS, hlanganisa izikripthi, kwaye uthumele ngaphandle ngokuchanekileyo. Sisixhobo sokuya kwi-admins, abaphicothi-zincwadi, kunye namaqela okuphendula.
Izinto ezimbi: inokuba njalo ivalwe yi-firewall, yenza ingxolo kwizigodo Ukuba undlongondlongo ngokugqithisileyo, ukubonwa kwe-OS/nkonzo akusoloko kugqibelele. Ngaphaya koko, ezinye izixhobo (umzekelo, umzi-mveliso okanye izixhobo zonyango) ukuba Abayinyamezeli i-scan ephazamisayo kakuhle.
Ukukhangela okukhawulezileyo kwemizuzu emi-5 (kukhuselekile kwaye kusebenza)
1) Fumana iinginginya ezisebenzayo nge nmap -sn 192.168.1.0/24. Khetha ezo zinomdla kuwe kwinyathelo elilandelayo.
2) Izibuko eziqhelekileyo kunye nmap -sS o --top-ports 1000 ukugxila kwizinto eziqhelekileyo. Sele unayo imephu esisiseko.
3) Yongeza -sV ukufumana iinguqulelo ezivulekileyo kunye -O ukuba ufuna iprofayile yesixokelelwano esisebenzayo. Thumela ngaphandle nge -oA ukugcina ubungqina.
4) Ukuba ubona into engaqhelekanga (umzekelo, i-telnet evulekile ye-23 / tcp), khangela inkonzo kwaye uyivale / uyihluze ukuba ayibalulekanga. Sebenzisa iipetshi kunye nemigaqo-nkqubo ukuba inguqulelo indala.
Imiyalelo kunye neenketho eziluncedo ukuba nazo
Ukufunyanwa: -PS (SYN ping), -PA (ACK), -PU (UDP), -PE (ICMP Echo), --traceroute (indlela). Iluncedo ekuhleleni umda kwaye ubone imiqobo ephakathi.
ubuchule Port: -sS, -sT, -sU, -sA, -sN/-sF/-sX, -sO. Khetha ngokwenjongo kunye nokusingqongileyo.
Selección de puertos: -p (uluhlu/uluhlu), --top-ports n, -F (uluhlu olukhawulezayo lwe-100 exhaphake kakhulu), -r (ngokulandelelana). Bekela bucala ixesha.
Inkonzo/SO: -sV, --version-all, --version-trace, -O, --max-os-tries, --fuzzy. Iluncedo kulwandlalo oluhle.
Phuma: -oN, -oX, -oG, -oA, --resume. Ungalibali ukugcina kunye nokukwazi ukuqalisa kwakhona ukuba ithe yaphazamiseka.
Jonga amazibuko kwisixokelelwano (iWindows/Linux)
KwiWindows, ngePowerShell okanye iCMD, netstat -ano Uluhlu loqhagamshelwano kunye namazibuko okuphulaphula nge-PID. Hluza ngokwenkqubo kwaye ijonga ukuba ngubani ovula ntoni.
KwiLinux/macOS, ss -tulnp Idibanisa into enye ngendlela yanamhlanje, kwaye lsof -i Ivumela iinkqubo zokuwela kunye neziseko. Zibalulekile ekulungelelaniseni iziphumo ukusuka kuskena ngeenkonzo zokwenyani.
Iifirewall: Vimba into ongayifuniyo
Kumaqela, chaza imithetho yokungena/yokuphuma ngenkonzo kunye neprofayile (umzekelo, “ukunciphisa ukufikelela kwi-SSH kwii-IP ezithembekileyo"). Kwi-routerIlawula ugqithiso lwezibuko kwaye inqande iiphaneli okanye iinkonzo ezivezwayo ngokungagqibekanga. Qinisekisa kwi-intanethi nge-Nmap ukuba into oyikholelwayo ukuba ivaliwe ivaliwe.
Undoqo kuphicotho olululo lwezibuko kukudibanisa ukubonakala, ukugweba, kunye nokungaguquguquki: Jonga okuvuliweyo, uqonde ukuba yeyiphi inkonzo esemva kwayo, uthathe isigqibo sokuba kufuneka ivulwe, kwaye uyigcine ihlaziyiwe.Nge-Nmap/Zenmap, izinto eziluncedo kwinkqubo, kunye nezenzo ezilungileyo zomlilo, unganciphisa ukuvezwa kwakho ngemizuzu kwaye uyigcine iphantsi kolawulo ngokuskena rhoqo. Skena ngobulumko, bhala utshintsho lwakho, kwaye ungavumeli izibuko elibelekileyo libe lisango lentloko yakho elandelayo.
Ukuthanda itekhnoloji ukusukela esemncinci. Ndiyakuthanda ukuhlala unolwazi kweli candelo kwaye, ngaphezu kwako konke, ukunxibelelana nalo. Yiyo loo nto ndizinikele kunxibelelwano lwetekhnoloji kunye neewebhusayithi zomdlalo wevidiyo iminyaka emininzi ngoku. Ungandifumana ndibhala malunga ne-Android, iWindows, iMacOS, i-iOS, iNintendo okanye nasiphi na esinye isihloko esihambelanayo esiza engqondweni.