Usage: ./mscan [-r ip of net] [-z network] [-h network] [scan options]

  -r [ip of net] : reverse DNS lookup the network (use when nameservers don't
                   allow host -l type queries) refer to README-NOW for more info.
  -z [network]   : use z0ne to gather IP's; you should use this if the
                   nameserver allows host -l queries.
  -h [network]   : use 'host -l | grep "has address" | awk '{print $4}' to
                   gather ip addresses. This only gathers IP's from the top
                   level so z0ne is preferred.
  -c number      : How many children to spawn. (i.e. if you do -c 50, mscan
                   will be scanning 50 hosts at any given time.) Default is 9
                   (rather slow).
  -n             : don't gather ip's, read from .ipdb.
  -f file        : use "file" as IP database. When this opt isn't provided
                   mscan logs to .ipdb.
  -S             : check for boxes running statd.
  -E             : check for boxes that export filesystems to everyone.
  -C             : check for boxes running vulnerable cgi programs.
  -X             : check for open X servers.
  -W             : check for wingate servers and open routers.
  -I             : check for redhat boxes running IMAP.
  -N             : report linux and freebsd servers running vulnerable named
                   versions.
  -F             : attempt to get info via finger.
  -P             : check for pop3d when the server is vulnerable to another
                   exploit which allows us to get account names (test.cgi,
                   finger, phf, handler.)
  -V             : print OS type (if identified), open ports, and misc old
                   vulnerabilities (AIX running rlogind, rex, sendmail 8.6.9,
                   etc)
  -t             : truncate output, only report boxes that you can immediately
                   hax0r and don't print pop banners, telnet banners and
                   portscan info.
  -a             : report everything except X servers and exports.
  -b             : report everything. (this is significantly slower than -a.)

hint: pick only the options you need

Example : ./mscan -c 60 -h ac.kr -at > ac.kr.log &

*-* by jsbach, june/1998 *-*
nmap V. 1.51 usage: nmap [options] [hostname[/mask] . . .]

options (none are required, most can be combined):
  -t tcp connect() port scan
  -s tcp SYN stealth port scan (must be root)
  -U Uriel Maimon (P49-15) style FIN stealth scan.
  -P ping "scan". Find which hosts on specified network(s) are up.
  -b ftp "bounce attack" port scan
  -u UDP port scan, will use MUCH better version if you are root
  -l Do the lamer UDP scan even if root. Less accurate.
  -f use tiny fragmented packets for SYN or FIN scan.
  -D Don't ping hosts (needed to scan www.microsoft.com and others)
  -i Get identd (rfc 1413) info on listening TCP processes.
  -p ports: ex: '-p 23' will only try port 23 of the host(s)
     '-p 20-30,63000-' scans 20-30 and 63000-65535  default: 1-1024
  -F fast scan. Only scans ports in /etc/services, a la strobe(1).
  -n Don't DNS resolve anything unless we have to (makes ping scans faster)
  -L Number of pings to perform in parallel. Your default is: 52
  -o Output scan logs to .
  -R Try to resolve all hosts, even down ones (can take a lot of time)
  -r do NOT randomize target port scanning order.
  -S If you want to specify the source address of SYN or FYN scan.
  -T Set the ping and tcp connect() timeout.
  -v Verbose. Its use is recommended. Use twice for greater effect.
  -h help, print this junk. Also see http://www.dhp.com/~fyodor/nmap/
  -V Print version number and exit.
  -w delay. n microsecond delay. Not recommended unless needed.
  -M maximum number of parallel sockets. Larger isn't always better.
  -q quash argv to something benign, currently set to "pine". (deprecated)

Hostnames specified as internet hostname or IP address. Optional '/mask'
specifies subnet. cert.org/24 or 192.88.209.5/24 or 192.88.209.0-255 scan
CERT's Class C.