在新版本nmap中,添加了scripts功能使用,其存儲在nmap的安裝目錄的scripts中,例如 /usr/share/nmap/scripts,已含有将600+個寫好的豐富腳本,本文主要講解在添加nmap-vulners和vulscan腳本後,掃描過程中出現的’/usr/bin/../share/nmap/scripts/vulscan’ found, but will not match without ‘/’問題
使用vulscan掃描錯誤日志,分析得知缺少”/”
# nmap --script vulscan -sV 192.168.1.8 127 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-18 23:11 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
檢視官方使用方法:vim /usr/share/nmap/scripts/vulscan/vulscan.nse
vulscansshshishs
提示需要指定.nse的檔案位址,才能使用
#nmap --script=vulscan/vulscan.nse -sV 192.168.238.129
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-18 23:28 EDT
#nmap --script=vulscan/vulscan.nse --script-args vulscandb=cve.csv -sV 192.168.238.129
.....
[CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0719] Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0571] Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
| [CVE-2004-0569] The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
| [CVE-2004-0568] HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
| [CVE-2004-0484] mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
如果遇到這種錯誤,關鍵主要是沒有找到對應nse腳本進行執行導緻,其他nse腳本執行掃描使用用同樣的方法,同時檢視目前nse的操作手冊。
vulners scan nse
map --script=nmap-vulners/vulners.nse -sV 192.168.238.129