适用于 CISCN 2023 Final Build ~~应付式写法,下次再用Python写扫描器我就是傻逼~~,目前正在用别的语言重构
- 交互式界面
- 判断资产是否存活
- 扫描资产所开放的端口
- 识别资产服务指纹
- 识别蜜罐
- 识别设备
- 识别目标服务所存在的漏洞(OWASP Top 10)
- 大量IP批量扫描(为此而生)
- 资产指纹来源nmap,解析使用 https://github.com/boy-hack/nmap-parser
最终扫描内容规范以主办方发出的 `补充公告(更新).pdf`(MD5:BB3063F8D0408D75A7B286AA4F1F4B92)为准,扫描范围如下:
16.163.13.0/24
45.126.125.0/24
159.65.92.0/24
66.151.67.0/24
45.83.43.0/24
134.122.18.0/24
47.243.241.0/24
103.252.118.0/24
134.122.46.0/24
204.168.128.0/17
103.252.119.0/24
134.209.202.0/24
206.214.154.0/24
170.64.158.0/24
142.93.206.0/24
3.238.195.0/24
170.64.148.0/24
142.93.224.0/24
162.191.70.0/24
165.22.17.0/24
137.184.166.0/24
93.241.247.0/24
47.243.252.0/24
113.30.150.0/24
211.22.90.0/24
154.23.140.0/24
185.229.226.0/24
59.125.199.0/24
103.43.86.0/24
185.139.228.0/24
173.233.101.0/24
103.195.5.0/24
185.241.5.0/24
143.244.97.0/24
195.122.192.0/19
143.110.240.0/24
13.36.180.0/24
35.206.251.0/24
143.110.244.0/24
67.214.158.0/24
43.135.46.0/24
159.65.5.0/24
50.229.193.0/24
47.89.30.0/24
159.65.84.0/24
99.255.14.0/24
165.22.22.0/24
81.28.6.0/24
216.71.192.0/19
165.22.92.0/24
83.229.87.0/24
64.154.25.0/24
206.189.61.0/24
138.68.173.0/24
198.175.72.0/24
104.248.48.0/24
68.183.46.0/24
106.1.186.0/24
24.199.98.0/24
68.183.233.0/24
89.109.35.0/24
164.92.167.0/24
68.183.177.0/24
209.206.38.0/24
113.30.191.0/24
64.226.68.0/24
35.221.210.0/24
113.30.151.0/24
其中协议遵循的标准如下(注:RFC 4251 是 SSH 协议体系结构文档,下表其余各行的 RFC 编号疑为照抄同一编号,请以主办方公告为准核对):
序号 | 名称 | 备注 |
---|---|---|
1 | ssh | RFC 4251 |
2 | http | RFC 4251 |
3 | https | RFC 4251 |
4 | rtsp | RFC 4251 |
5 | ftp | RFC 4251 |
6 | telnet | RFC 4251 |
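- 使用 SYN 扫描,实测 22000 条 IP 地址的扫描完成时间为 45 min 甚至更长,完成率 65.12%

扫描结果输出示例(节选,并非完整的 JSON 文档)如下。注意示例中 443 端口的 protocol 标为 http,而上表把 https 单独列为一种协议,提交结果前应核对: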
"165.22.22.24": {
"services": [
{
"port": 443,
"protocol": "http",
"service_app": [
"wordpress/4.9.18",
"apache/2.4.41",
"ubuntu/N",
null
]
},
{
"port": 80,
"protocol": "http",
"service_app": [
"wordpress/4.9.18",
"apache/2.4.41",
"ubuntu/N",
null
]
},
{
"port": 22,
"protocol": "ssh",
"service_app": [
"openssh/8.2"
]
}
],
"deviceinfo": null,
"honeypot": null
},
"165.22.22.76": {
"services": [
{
"port": 80,
"protocol": "http",
"service_app": [
"nginx/1.10.3"
]
}
],
"deviceinfo": null,
"honeypot": null
},
"165.22.22.81": {
"services": [
{
"port": 443,
"protocol": "http",
"service_app": [
"apache"
]
},
{
"port": 22,
"protocol": "ssh",
"service_app": [
"openssh/8.2"
]
},
{
"port": 80,
"protocol": "http",
"service_app": [
"apache"
]
}
],
"deviceinfo": null,
"honeypot": null
},