Nmap is one of the most popular tools for enumeration. One of its most powerful features is the Nmap Scripting Engine (NSE), which, as the name suggests, lets us automate a wide range of tasks with scripts.

Alongside exploitation, NSE provides scripts for enumeration, brute forcing, fuzzing and detection. The full set of scripts shipped with NSE lives in /usr/share/nmap/scripts. A quick grep for the word "Exploits" across the NSE scripts returns a number of results.

kali@kali:~$ **grep Exploits /usr/share/nmap/scripts/*.nse**
/usr/share/nmap/scripts/clamav-exec.nse:Exploits ClamAV servers vulnerable to unauthenticated clamav comand execution.
/usr/share/nmap/scripts/http-awstatstotals-exec.nse:Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14
/usr/share/nmap/scripts/http-axis2-dir-traversal.nse:Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by
/usr/share/nmap/scripts/http-fileupload-exploiter.nse:Exploits insecure file upload forms in web applications
/usr/share/nmap/scripts/http-litespeed-sourcecode-download.nse:Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x
...

Listing 14 - Listing NSE scripts that contain the word "Exploits"

Information about a specific NSE script can be displayed by running nmap with the --script-help option followed by the script's file name. As an example, let's look at nmap --script-help=clamav-exec.nse.

kali@kali:~$ **nmap --script-help=clamav-exec.nse**
Starting Nmap 7.92 ( <https://nmap.org> ) at 2022-06-02 16:23 EDT

clamav-exec
Categories: exploit vuln
<https://nmap.org/nsedoc/scripts/clamav-exec.html>
  Exploits ClamAV servers vulnerable to unauthenticated clamav comand execution.

  ClamAV server 0.99.2, and possibly earlier versions, allow dangerous service commands to be executed without authentication. Specifically, the 'SCAN' command can be used to list system files, and the 'SHUTDOWN' command shuts the service down. This vulnerability was discovered by Alejandro Hernandez (nitr0us).

  When run without arguments, this script tests whether the 'SCAN' command is available.

  References:
  * <https://twitter.com/nitr0usmx/status/740673507684679680>
  * <https://bugzilla.clamav.net/show_bug.cgi?id=11585>

Listing 15 - Getting information about a script with Nmap NSE

This gives us a description of the vulnerability along with links to external references. Before reaching for other tooling, it is worth checking whether an Nmap NSE script already exists for the product in question.
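Grepping description text, as in Listing 14, is quick but imprecise: it matches the word "Exploits" wherever it appears and misses scripts whose descriptions are worded differently. Nmap keeps a category index, script.db, beside the .nse files, and that index is what the --script option consults. The shell functions below are an added example (not part of the course text or of Nmap) that query that index by category and combine categories the way a practitioner would before a scan. Assumed here: the index line format `Entry { filename = "x.nse", categories = { "a", "b", } }`, the default index path in NSE_DB, and the three sample entries, which are constructed for offline use and are not copied from a real install. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the course text or of Nmap: query nmap's script
# index (script.db) by category instead of grepping free-text descriptions.
# Assumed: the index line format
#   Entry { filename = "x.nse", categories = { "a", "b", } }
# and the three sample entries below, which are constructed for offline use.

NSE_DB="${NSE_DB:-/usr/share/nmap/scripts/script.db}"

# Constructed sample index so the example runs without nmap installed.
SAMPLE_DB="$(mktemp)"
trap 'rm -f "$SAMPLE_DB"' EXIT
cat > "$SAMPLE_DB" <<'EOF'
Entry { filename = "clamav-exec.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "vuln", "safe", } }
EOF

# Print the filename of every script in index $1 tagged with category $2.
# The category is matched quoted, so "safe" does not match a hypothetical "unsafe".
nse_by_category() {
    grep -E "categories = \{[^}]*\"$2\"" "$1" \
        | sed -E 's/.*filename = "([^"]+)".*/\1/'
}

# Print the categories of script $2 (exact filename) from index $1, one per line.
nse_categories() {
    grep -F "filename = \"$2\"" "$1" \
        | sed -E 's/.*categories = \{([^}]*)\}.*/\1/' \
        | tr -d ' "' | tr ',' '\n' | sed '/^$/d'
}

# Print the scripts in index $1 tagged $2 but NOT tagged $3 (for example
# "vuln" but not "intrusive") as a comma-separated list usable with --script.
nse_script_list() {
    nse_by_category "$1" "$2" | while IFS= read -r f; do
        nse_categories "$1" "$f" | grep -qx "$3" || printf '%s\n' "$f"
    done | paste -sd, -
}

# Demonstration against the constructed index.
printf 'Sample index, category "exploit":\n'
nse_by_category "$SAMPLE_DB" exploit
printf 'Categories of clamav-exec.nse: '
nse_categories "$SAMPLE_DB" clamav-exec.nse | paste -sd' ' -
printf 'Scripts for "vuln and not intrusive": '
nse_script_list "$SAMPLE_DB" vuln intrusive

# Against a real install, when the index is present.
if [ -r "$NSE_DB" ]; then
    printf '\nexploit-category scripts in %s: %s\n' "$NSE_DB" \
        "$(nse_by_category "$NSE_DB" exploit | wc -l)"
fi
```

The same category logic is available natively once you know the category names: `nmap --script "vuln and not intrusive"` accepts a boolean expression over categories, and the list produced by `nse_script_list` can be passed verbatim as `--script "$(nse_script_list "$NSE_DB" vuln intrusive)"` when you want to review exactly which scripts will run before pointing them at a target. Scripts in the exploit category, such as clamav-exec, actively trigger the vulnerability, so treat them differently from the discovery and safe categories during enumeration.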