
Scan nmap

Article: https://enlacehacktivista.org/index...s_Tactics,_techniques_and_procedures#Networks

Scan the world:
Code:
sudo masscan -Pn -sS 0.0.0.0/0 --rate 50000 -p443 --open-only --exclude 255.255.255.255 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt
sed -i 's/$/:443/' results.txt

Scan countries (Australia):
Code:
sudo masscan -Pn -sS -iL australia.txt --rate 50000 -p443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

Scan multiple ports:
Code:
sudo masscan -Pn -sS -iL australia.txt --rate 50000 -p4443,10443,8443 --open-only --excludefile block.txt --output-format list --output-file results.txt
awk '{ print $4 ":" $3 }' results.txt > final_results.txt

Vulnerability scan discovered hosts:
Code:
nuclei -l final_results.txt -t nuclei-templates/http/cves/2018/CVE-2018-13379.yaml -o vulns.txt

Article:
Code:
1. Scan for Proxyshell:

    sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p443 --open-only --excludefile block.txt | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' > results.txt

    sed -i 's/$/:443/' results.txt

    nuclei -l results.txt -t nuclei-templates/http/cves/2021/CVE-2021-34473.yaml -o vulns.txt
Code:
2. Scan for CVE-2018-13379:

    sudo masscan -Pn -sS -iL ranges.txt --rate 50000 -p4443,10443,8443 --open-only --excludefile block.txt --output-format list --output-file results.txt

    awk '{ print $4 ":" $3 }' results.txt > final_results.txt

    nuclei -l final_results.txt -t nuclei-templates/http/cves/2018/CVE-2018-13379.yaml -o vulns.txt

Increase the rate based on your VPS/dedicated server limits. For larger host files (results), you can split the file into smaller files to scan with nuclei, to make things faster.

You can change the nuclei scanning template to anything you like: https://nuclei-templates.netlify.app

Results of scan:
1. https://xss.pro/threads/90987/post-632882
2. https://xss.pro/threads/89047

Tools:
1. https://github.com/robertdavidgraham/masscan
2. https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2
3. https://github.com/projectdiscovery/nuclei
4. https://lite.ip2location.com/ip-address-ranges-by-country
 

Attachments

  • australia.txt (216.5 KB)
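The defender's side of the masscan pipeline described above, as an added example that is not from the post or from the masscan/nuclei projects: it parses a constructed firewall log format and flags any source whose bare SYNs reach many distinct hosts inside a short window, which is the footprint a sweep at --rate 50000 leaves. The log line format, the addresses and the thresholds are assumptions made for this example.

```python
"""Flag masscan-style SYN sweeps in firewall logs (added example, not from the post).
Constructed log line format (an assumption made for this example):
    <epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> flags=<TCP flags>
A scanner at --rate 50000 reaches thousands of hosts per second; a real client a handful."""
from collections import defaultdict
import re

LINE_RE = re.compile(r"^(\d+) ([\d.]+) -> ([\d.]+):(\d+) flags=([A-Z]*)$")


def parse_line(line):
    """Return (ts, src, dst, dport, flags), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, flags = m.groups()
    return int(ts), src, dst, int(dport), flags


def detect_syn_sweeps(lines, threshold=20, window=10):
    """Map each suspicious src to the most distinct destinations its bare SYNs reached
    inside any `window`-second span; only flags == "S" counts, so SYN-ACK replies do not."""
    syns = defaultdict(list)                      # src -> [(ts, dst)]
    for line in lines:
        rec = parse_line(line)
        if rec and rec[4] == "S":
            syns[rec[1]].append((rec[0], rec[2]))
    hits = {}
    for src, events in syns.items():
        events.sort()
        in_window = defaultdict(int)              # dst -> SYNs inside [ts - window, ts]
        lo, peak = 0, 0
        for ts, dst in events:                    # slide the window forward in time
            in_window[dst] += 1
            while events[lo][0] < ts - window:    # expire events older than the window
                old = events[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak > threshold:
            hits[src] = peak
    return hits


# Constructed sample: one scanner hitting 30 hosts on 443 within 3 s, a normal client
# opening 3 connections, the servers' SYN-ACK replies, and one malformed line.
SAMPLE_LOG = (
    [f"{1700000000 + i // 10} 203.0.113.5 -> 198.51.100.{i + 1}:443 flags=S" for i in range(30)]
    + [f"{1700000100 + i} 192.0.2.10 -> 198.51.100.{i + 1}:443 flags=S" for i in range(3)]
    + [f"{1700000100 + i} 198.51.100.{i + 1} -> 192.0.2.10:5151{i} flags=SA" for i in range(3)]
    + ["garbage line that does not parse"]
)
```

Tune `threshold` and `window` to your own baseline; the point is that distinct destinations per source, not packet volume, separates a sweep from a busy legitimate client.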
(not all ports at once)
Why?
With Tor, theoretically (I haven't done it myself), only with your own exit node (which is basically the same as from a VPS); otherwise, all Tor nodes are on blocklists.
You mean you can't scan from a VPS?
**without a VPS
Why without a VPS?
 
Why?
Well, it all depends on your time and scope. If you have a huge network of, say, 40k hosts and not much time, you won't get through it. So you can just look at the easy RCE ports and the most common web ports.
 
Are you related to enlacehacktivista? Don't get me wrong, I want to thank you for showing it to us, but in all your posts you mention it.
Yes, I'm a contributor. The site is centered around hacktivism, but I focus on the "Learn to Hack" section. Once I create a guide for XSS and post about it, I refine it and publish it to Enlace. Anyone is welcome to create an account and edit; it's basically open source to anyone who wants to contribute. Do note it's not for profit, so my referencing it does not benefit me apart from teaching others tools, techniques, methods, resources, etc.

My motivation is to demystify hacking and breaking into networks. For the most part it's easier than a lot of people think. My posts are targeted at noobs and those who want to quickly get up to speed with breaking into networks. Eventually I want to show practical examples of https://attack.mitre.org/tactics/TA0001, showing how to break into networks and cause chaos across the internet. What I currently show is very common with RaaS affiliates.
 