Live Host
Author: Internet
1. arping
arping 192.168.2.105
sudo arping -i wlan0 -c 6 192.168.2.105
sudo arping -d 192.168.2.105
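sudo arping -c 6 -i wlan0 2c:37:c5:0f:21:49 # does not work
2. firewalk
Probes TTL and open-port status; alternative tools exist, so it is skipped here.
3. fping (can be used in place of ping; also ICMP-based)
fping 192.168.2.254 192.168.2.1 # multiple hosts
fping -s -g 192.168.2.240 192.168.2.254 # range
fping -s -g 192.168.2.240/28 # range
fping < fping.txt # range stored in a file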
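The two -g forms above do not probe the same set of addresses: a start/end pair is inclusive, while the CIDR form skips the network and broadcast addresses (behaviour described in the fping man page). The following is an added example, not part of the original notes; it lists what each form covers and builds a scope-checked fping.txt. The function names, the /24 scope and the excluded address are assumptions.

```python
import ipaddress

def range_targets(start, end):
    """Addresses probed by `fping -g START END`: both ends inclusive."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("start address is above end address")
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]

def cidr_targets(cidr):
    """Addresses probed by `fping -g NET/MASK`.

    Per the fping man page the network and broadcast addresses are
    excluded; /31 and /32 have neither, so they are returned whole.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    addrs = [str(a) for a in net]
    return addrs if net.prefixlen >= 31 else addrs[1:-1]

def target_file(targets, scope, exclude=()):
    """Text for `fping < fping.txt`: one address per line.

    Refuses any address outside the authorised scope and drops the
    addresses listed in exclude (hosts that must not be probed).
    """
    scope_net = ipaddress.ip_network(scope, strict=False)
    skip = {ipaddress.ip_address(e) for e in exclude}
    lines = []
    for t in targets:
        addr = ipaddress.ip_address(t)
        if addr not in scope_net:
            raise ValueError(f"{t} is outside scope {scope}")
        if addr not in skip:
            lines.append(str(addr))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    by_range = range_targets("192.168.2.240", "192.168.2.254")
    by_cidr = cidr_targets("192.168.2.240/28")
    # Count per form, then the addresses only the start/end form reaches.
    print(len(by_range), len(by_cidr), sorted(set(by_range) - set(by_cidr)))
    # Constructed exclusion: 192.168.2.250 stands in for a do-not-probe host.
    print(target_file(by_cidr, "192.168.2.0/24", exclude=["192.168.2.250"]), end="")
```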
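4. hping3: multi-layer ping; can be used for attacks. Fairly powerful, but apart from flood, nmap can be used instead.
All in all, quite powerful.
5. masscan
Asynchronous implementation, very fast. Results are similar to nmap's. The tool's biggest advantage is speed.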
sudo masscan -p80,8080-8100 192.168.2.0/24
-c takes a configuration file
usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
scan some web ports on 10.x.x.x at 10kpps
masscan --nmap
list those options that are compatible with nmap
masscan -p80 10.0.0.0/8 --banners -oB <filename>
save results of scan in binary format to <filename>
masscan --open --banners --readscan <filename> -oX <savefile>
read binary scan results in <filename> and save them as xml in <savefile>
masscan --help
MASSCAN is a fast port scanner. The primary input parameters are the
IP addresses/ranges you want to scan, and the port numbers. An example
is the following, which scans the 10.x.x.x network for web servers:
masscan 10.0.0.0/8 -p80
The program auto-detects network interface/adapter settings. If this
fails, you'll have to set these manually. The following is an
example of all the parameters that are needed:
--adapter-ip 192.168.10.123
--adapter-mac 00-11-22-33-44-55
--router-mac 66-55-44-33-22-11
Parameters can be set either via the command-line or config-file. The
names are the same for both. Thus, the above adapter settings would
appear as follows in a configuration file:
adapter-ip = 192.168.10.123
adapter-mac = 00-11-22-33-44-55
router-mac = 66-55-44-33-22-11
All single-dash parameters have a spelled out double-dash equivalent,
so '-p80' is the same as '--ports 80' (or 'ports = 80' in config file).
To use the config file, type:
masscan -c <filename>
To generate a config-file from the current settings, use the --echo
option. This stops the program from actually running, and just echoes
the current configuration instead. This is a useful way to generate
your first config file, or see a list of parameters you didn't know
about. I suggest you try it now:
masscan -p1234 --echo
6. ncat
A very useful nc; multi-purpose.
7. atk6-thcping6 --help
atk6-thcping6 3.8 (c) 2020 by van Hauser / THC <vh@thc.org> www.github.com/vanhauser-thc/thc-ipv6
Syntax: atk6-thcping6 [-EafqxO] [-e ethertype] [-H t:l:v] [-D t:l:v] [-F dst] [-e ethertype] [-L length] [-N nextheader] [-V version] [-t ttl] [-c class] [-l label] [-d size] [-S port|-U port|-T type -C code] interface src6 dst6 [srcmac [dstmac [data]]]
Options:
-T number ICMPv6 type to send (default: 128 = ping)
-C number ICMPv6 code to send (default: 0)
-S port use a TCP SYN packet on the defined port instead of ping
-U port use a UDP packet on the defined port instead of ping
-n count how often to send the packet (default: 1)
-h show more command line options (help!)
You can put an "x" into src6, srcmac and dstmac for an automatic value.
Craft a ICMPv6/TCP/UDP packet with special IPv6 or EH header options.
Returns -1 on error or no reply, 0 on normal reply or 1 on error reply.
8. unicornscan
Asynchronous and high-speed.
sudo unicornscan -i wlan0 -Ir 160 -E 192.168.2.240/28:80-443
sudo us -i wlan0 192.168.2.105 -p 3306
sudo us -i wlan0 192.168.2.105 -mU
sudo us -i wlan0 192.168.2.105 -msf
us -H -msf -Iv 192.168.56.101 -p 1-65535
us -H -mU -Iv 192.168.56.101 -p 1-65535
-H resolve hostnames during the reporting phase
-m scan mode (sf - tcp, U - udp)
-Iv - verbose
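-z sniff received packets
-v show verbose information
-W save received packets
-G payload group number
-m scan mode
U UDP
sf TCP connect scan
T TCP SYN scan
syn[Ss], fin[Ff], urg[Uu], psh[Pp], ack[Aa], ece[Ee], cwr[Cc]
9. xprobe2: guesses the operating system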
sudo xprobe2 192.168.2.105
sudo xprobe2 -T 80,3306,21,22 -U 111,123,5353 192.168.2.105 # guess based on ports
Source: https://www.cnblogs.com/augustone/p/16504956.html