The Nmap script for Heartbleed (using Nmap v7.40) seems to work only on well-known ports. Whenever a non-standard port is used, the script reports nothing at all.
nmap -p 46000 --script ssl-heartbleed -script-args vulns.showall -sV x.x.x.x
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-26 03:23 EDT
Nmap scan report for x.x.x.x.in-addr.arpa (x.x.x.x)
Host is up (0.0048s latency).
PORT STATE SERVICE VERSION
46000/tcp open http nginx 1.5.12
|_http-server-header: nginx/1.5.12
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.08 seconds

Running with the -d debug flag doesn't help much, but it does show that the script clearly isn't doing anything.

As requested in the comments:
nmap -p 46000 -n -Pn -sV --version-trace x.x.x.x
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-26 15:38 EDT
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 40 scripts for scanning.
Packet capture filter (device eth0): dst host 192.168.80.131 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host x.x.x.x)))
Overall sending rates: 10.78 packets / s, 474.44 bytes / s.
NSOCK INFO [0.8860s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.8860s] nsock_connect_tcp(): TCP connection requested to x.x.x.x:46000 (IOD #1) EID 8
NSOCK INFO [0.9240s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [x.x.x.x:46000]
Service scan sending probe NULL to x.x.x.x:46000 (tcp)
NSOCK INFO [0.9240s] nsock_read(): Read request from IOD #1 [x.x.x.x:46000] (timeout: 6000ms) EID 18
NSOCK INFO [6.9250s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 18 [x.x.x.x:46000]
Service scan sending probe GenericLines to x.x.x.x:46000 (tcp)
NSOCK INFO [6.9250s] nsock_write(): Write request for 4 bytes to IOD #1 EID 27 [x.x.x.x:46000]
NSOCK INFO [6.9250s] nsock_read(): Read request from IOD #1 [x.x.x.x:46000] (timeout: 5000ms) EID 34
NSOCK INFO [6.9250s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [x.x.x.x:46000]
NSOCK INFO [11.9320s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 34 [x.x.x.x:46000]
NSOCK INFO [11.9320s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [11.9320s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [11.9330s] nsock_connect_tcp(): TCP connection requested to x.x.x.x:46000 (IOD #2) EID 40
NSOCK INFO [11.9690s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [x.x.x.x:46000]
Service scan sending probe GetRequest to x.x.x.x:46000 (tcp)
NSOCK INFO [11.9690s] nsock_write(): Write request for 18 bytes to IOD #2 EID 51 [x.x.x.x:46000]
NSOCK INFO [11.9690s] nsock_read(): Read request from IOD #2 [x.x.x.x:46000] (timeout: 5000ms) EID 58
NSOCK INFO [11.9690s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [x.x.x.x:46000]
NSOCK INFO [12.0520s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 58 [x.x.x.x:46000] (346 bytes)
Service scan match (Probe GetRequest matched with GetRequest line 6609): x.x.x.x:46000 is http. Version: |nginx|1.5.12||
NSOCK INFO [12.0520s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSE: Script scanning x.x.x.x.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting http-server-header against x.x.x.x:46000.
NSOCK INFO [12.0530s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [12.0550s] nsock_connect_tcp(): TCP connection requested to x.x.x.x:46000 (IOD #1) EID 8
NSE: Finished http-server-header against x.x.x.x:46000.
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for x.x.x.x
Host is up (0.036s latency).
Scanned at 2018-06-26 15:38:40 EDT for 11s
PORT STATE SERVICE VERSION
46000/tcp open http nginx 1.5.12
Final times for host: srtt: 36338 rttvar: 36338 to: 181690
Read from /usr/bin/../share/nmap: nmap-payloads nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.22 seconds

(echo -en 'GET / HTTP/1.0\r\n\r\n'; sleep 2) | nc x.x.x.x 46000 | (hd || xxd || hexdump)
00000000 48 54 54 50 2f 31 2e 31 20 33 30 32 20 4d 6f 76 |HTTP/1.1 302 Mov|
00000010 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 0d 0a |ed Temporarily..|
00000020 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e |Server: nginx/1.|
00000030 35 2e 31 32 0d 0a 44 61 74 65 3a 20 57 65 64 2c |5.12..Date: Wed,|
00000040 20 32 37 20 4a 75 6e 20 32 30 31 38 20 31 36 3a | 27 Jun 2018 16:|
00000050 33 32 3a 30 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 |32:09 GMT..Conte|
00000060 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 |nt-Type: text/ht|
00000070 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 |ml..Content-Leng|
00000080 74 68 3a 20 31 36 31 0d 0a 43 6f 6e 6e 65 63 74 |th: 161..Connect|
00000090 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 4c 6f 63 61 |ion: close..Loca|
000000a0 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 3a 34 |tion: https://:4|
000000b0 36 30 30 30 2f 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d |6000/....<html>.|
000000c0 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 |.<head><title>30|
000000d0 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c |2 Found</title><|
000000e0 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 |/head>..<body bg|
000000f0 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a |color="white">..|
00000100 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 |<center><h1>302 |
00000110 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 |Found</h1></cent|
00000120 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 |er>..<hr><center|
00000130 3e 6e 67 69 6e 78 2f 31 2e 35 2e 31 32 3c 2f 63 |>nginx/1.5.12</c|
00000140 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d |enter>..</body>.|
00000150 0a 3c 2f 68 74 6d 6c 3e 0d 0a |.</html>..|

Posted on 2018-06-26 11:56:48

The trick is to make the port pass the script's "portrule". One way to force the script to operate on the port is to specify the port with -p while running the script with the + prefix:
nmap -p 46000 --script +ssl-heartbleed -script-args vulns.showall -sV x.x.x.x
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-26 03:27 EDT
Nmap scan report for x.x.x.x.in-addr.arpa (x.x.x.x)
Host is up (0.0051s latency).
PORT STATE SERVICE VERSION
46000/tcp open http nginx 1.5.12
|_http-server-header: nginx/1.5.12
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| http://www.openssl.org/news/secadv_20140407.txt
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_ http://cvedetails.com/cve/2014-0160/
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.78 seconds

This time, the script detects the vulnerability.
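The version trace above explains the behaviour: the service on 46000/tcp answered the plaintext GetRequest probe with an HTTP 302 redirect to https://:46000/, so -sV labelled it plain "http" rather than "ssl/http", and a port rule that keys on TLS-looking ports and service names never schedules ssl-heartbleed for it; the + prefix bypasses that rule. The following Python script is an added example (not part of the question, the answer, or Nmap itself) that parses an nmap -sV port table and reports which open ports a shortport.ssl-style rule would silently skip. The LIKELY_SSL_PORTS and LIKELY_SSL_SERVICES sets and the rule itself are assumptions modelled on the idea behind Nmap's rule, not copied from Nmap's source; the sample port table is constructed, with the 46000/tcp line taken from the question.

```python
import re

# Constructed sample input: a port table in the same layout as the nmap -sV output
# quoted in the question. The 46000/tcp line is the case from the question; the other
# rows are made up for this example.
SAMPLE_NMAP_OUTPUT = """\
PORT      STATE  SERVICE    VERSION
443/tcp   open   ssl/http   nginx 1.5.12
8443/tcp  open   ssl/http   nginx 1.5.12
8080/tcp  open   http-proxy
46000/tcp open   http       nginx 1.5.12
46001/tcp closed http
"""

# Ports and service names treated as "probably TLS". These sets are an assumption made
# for this example, modelled on the idea behind Nmap's shortport.ssl rule; they are not
# copied from Nmap, whose own lists differ.
LIKELY_SSL_PORTS = {443, 465, 636, 853, 989, 990, 992, 993, 994, 995, 5061, 8443, 8883}
LIKELY_SSL_SERVICES = {"https", "https-alt", "imaps", "pop3s", "ldapssl", "ftps", "smtps", "sip-tls"}

# One row of the PORT/STATE/SERVICE/VERSION table. SERVICE may carry a tunnel prefix
# such as "ssl/http" when -sV found TLS in front of the application protocol.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$"
)


def parse_port_table(text):
    """Return one dict per port row; the header and any non-port lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        service = m.group("service")
        tunnel = None
        if "/" in service:
            # "ssl/http" -> tunnel "ssl", application service "http"
            tunnel, service = service.split("/", 1)
        rows.append({
            "port": int(m.group("port")),
            "proto": m.group("proto"),
            "state": m.group("state"),
            "tunnel": tunnel,
            "service": service,
            "version": (m.group("version") or "").strip(),
        })
    return rows


def looks_like_tls(row):
    """Mimic a shortport.ssl-style port rule: TLS tunnel seen, well-known TLS port, or TLS service name."""
    return (
        row["tunnel"] == "ssl"
        or row["port"] in LIKELY_SSL_PORTS
        or row["service"] in LIKELY_SSL_SERVICES
    )


def script_coverage(text):
    """Map 'port/proto' -> True if a TLS-gated script would be scheduled for that open port."""
    return {
        f"{r['port']}/{r['proto']}": looks_like_tls(r)
        for r in parse_port_table(text)
        if r["state"] == "open"
    }


def ports_needing_force(text):
    """Open ports the rule would silently skip; these need --script +<name> to be checked at all."""
    return sorted(
        (spec for spec, covered in script_coverage(text).items() if not covered),
        key=lambda spec: int(spec.split("/")[0]),
    )


if __name__ == "__main__":
    for spec, covered in script_coverage(SAMPLE_NMAP_OUTPUT).items():
        print(f"{spec:12} {'would run' if covered else 'skipped by portrule'}")
    print("force with --script +ssl-heartbleed on:", ", ".join(ports_needing_force(SAMPLE_NMAP_OUTPUT)))
```

The practical use is as a coverage check after an -sV scan: any open port that lands in the "skipped" list has not been tested by a TLS-gated script, so a clean report for it means nothing until the script is forced with the + prefix on that port. Forcing the script on a port that really is plaintext simply yields no result, so over-forcing costs time but not accuracy.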
https://security.stackexchange.com/questions/188491