Reposted from paper.tuisec.win/detail-e92c37fc47fedca.html
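ICMP scanning
ICMP scanning on Windows
Run the following command in cmd to ping-scan the entire class C subnet:
for /l %i in (1,1,255) do @ping 192.168.0.%i -w 1 -n 1 | find /i "ttl"
Searching a class B range:
for /l %i in (1,1,255) do @ping -a 10.0.%i.1 -w 1 -n 1 | find /i "Pinging"
ARP scanning
Various ARP scans on Windows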
start /b arpscan.exe -t 192.168.1.0/24>>result.txt
powershell.exe -exec bypass -Command "Import-Module C:\Invoke-ARPScan.ps1;Invoke-ARPScan -CIDR 192.168.1.0/24">>result.txt
ARP scanning on Linux
Attempt an ARP scan with nmap:
nmap -sn -PR 192.168.1.0/24
When you are inside someone else's VPN internal network (Kali):
netdiscover -r 192.168.1.0/24 -i eth0
Metasploit's ARP scan module
msf > use auxiliary/scanner/discovery/arp_sweep
msf > show options
msf > set interface eth0
msf > set smac xxxxxxxxx
msf > set rhosts 192.168.1.0/24
msf > set threads 20
msf > set shost 192.168.1.27
msf > run
meterpreter
meterpreter > getsystem
meterpreter > run autoroute -s 192.168.1.0/24
meterpreter > run post/windows/gather/arp_scanner RHOSTS=192.168.1.0/24
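
On the wire, every ARP scan listed above looks the same to a defender: one sender issues who-has requests for many different addresses in the subnet within a few seconds. The following is an added example, not part of the original post, that flags this pattern in `tcpdump -tt -n arp` style lines; the sample lines, the threshold and the time window are constructed assumptions.

```python
import re
from collections import defaultdict

# Request lines as printed by `tcpdump -tt -n arp`, e.g.
# 1700000000.05 ARP, Request who-has 192.168.1.2 tell 192.168.1.27, length 28
ARP_REQ = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ARP, Request who-has (?P<target>\S+?)"
    r"(?: \(\S+\))? tell (?P<sender>[\d.]+), length \d+"
)

def find_arp_sweeps(lines, min_targets=20, window=10.0):
    """Return {sender: peak number of distinct targets queried within
    `window` seconds} for senders that reach `min_targets`."""
    seen = defaultdict(list)              # sender -> [(ts, target), ...]
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if m:                             # replies and other lines are skipped
            seen[m["sender"]].append((float(m["ts"]), m["target"]))
    sweeps = {}
    for sender, events in seen.items():
        events.sort()
        start, best = 0, 0
        counts = defaultdict(int)         # target -> hits inside the window
        for ts, target in events:
            counts[target] += 1
            while ts - events[start][0] > window:   # slide the window forward
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_targets:
            sweeps[sender] = best
    return sweeps

def sample_capture():
    """Constructed lines: .27 sweeps 60 hosts in 3 s, .10 only resolves .1."""
    req = "{:.2f} ARP, Request who-has {} tell {}, length 28"
    t0 = 1700000000
    lines = [req.format(t0 + i * 0.05, f"192.168.1.{i + 1}", "192.168.1.27")
             for i in range(60)]
    lines += [req.format(t0 + i * 30, "192.168.1.1", "192.168.1.10")
              for i in range(5)]
    lines.append(f"{t0 + 1:.2f} ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28")
    return lines

if __name__ == "__main__":
    print(find_arp_sweeps(sample_capture()))
```

The same sliding-window count applies to the ICMP loops: key on the echo-request source and count distinct destinations instead of ARP targets.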