一、wmap模块
0、启动并连接数据库
service postgresql start
1、加载插件
load wmap
2、添加站点
wmap_sites -a
3、列出站点可用的目标
wmap_sites -l
4、添加目标
wmap_targets -t
5、测试目标
wmap_run -e
6、查看可用利用漏洞
wmap_vulns -l
二、db_nmap
1、启动并连接数据库
service postgresql start
2、扫描目标主机系统及程序相关信息
db_nmap -sV -v 192.168.139.132[*] Nmap: 21/tcp open ftp vsftpd 2.3.4[*] Nmap: 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)[*] Nmap: 23/tcp open telnet Linux telnetd[*] Nmap: 25/tcp open smtp Postfix smtpd[*] Nmap: 53/tcp open domain ISC BIND 9.4.2[*] Nmap: 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)[*] Nmap: 111/tcp open rpcbind 2 (RPC #100000)[*] Nmap: 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)[*] Nmap: 445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)[*] Nmap: 512/tcp open exec netkit-rsh rexecd[*] Nmap: 513/tcp open login?[*] Nmap: 514/tcp open tcpwrapped[*] Nmap: 1099/tcp open java-rmi GNU Classpath grmiregistry[*] Nmap: 1524/tcp open bindshell Metasploitable root shell[*] Nmap: 2049/tcp open nfs 2-4 (RPC #100003)[*] Nmap: 2121/tcp open ftp ProFTPD 1.3.1[*] Nmap: 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5[*] Nmap: 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7[*] Nmap: 5900/tcp open vnc VNC (protocol 3.3)[*] Nmap: 6000/tcp open X11 (access denied)[*] Nmap: 6667/tcp open irc UnrealIRCd[*] Nmap: 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)[*] Nmap: 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1[*] Nmap: Service Info: Hosts: metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
3、扫描目标主机上面的漏洞
db_nmap --script=vuln 192.168.139.132
