nmap扫描工控设备的脚本支持

news2024/12/27 12:03:02

参考资料

转自(http://www.360doc.com/content/15/1201/11/26186435_517125254.shtml)

介绍

NMAP是一款强大的网络扫描工具,除了普通的TCP/IP网络扫描之外,NMAP的扩展脚本功能为我们提供了更为广阔的应用范围。
针对脚本学习可以参考如下文章
《nmap脚本详解(非常详细)零基础入门到精通,收藏这一篇就够了》
通过配置脚本能够更为具体的判断设备的信息,目前标准版本里已经集成了607个脚本。

工控协议

简单介绍一下工控协议

  • CIP
    通用工业协议(Common Industrial Protocol,简称CIP)是一种应用在工业自动化的通信协议,由开放DeviceNet厂商协会(简称ODVA)所维护。以前的名称为控制信息协议(Control and Information Protocol,简称也是CIP)。通用工业协议,被deviceNet、ControlNet、EtherNet/IP三种网络所采用
  • Ethernet/lP
    EtherNet/IP是由罗克韦尔自动化公司开发的工业以太网通讯协定,由ODVA(ODVA)管理,可应用在程序控制及其他自动化的应用中,是通用工业协定(CIP)中的一部分。它建立在标准UDP/IP与TCP/IP协议之上,利用固定的以太网硬件和软件,为配置、访问和控制工业自动化设备定义了一个应用层协议。
    EtherNet/IP名称中的IP是“Industrial Protocol”(工业协议)的简称,和网际协议没有关系。
    EtherNet/IP将以太网的设备以预定义的设备种类加以分类,每种设备有其特别的行为,此外,EtherNet/IP设备可以:
    用用户数据报协议(UDP)的隐式报文传送基本I/O资料。
    用传输控制协议(TCP)的显式报文上传或下载参数、设定值、程式或配方。
    用主站轮询、从站周期性更新或是状态改变(COS)时更新的方式,方便主站监控从站的状态,讯息会用UDP的报文送出。
    用一对一、一对多或是广播的方式,透过用TCP的报文送出资料。
    EtherNet/IP使用TCP埠编号44818作为显式报文的处理,UDP埠编号2222作为隐式报文的处理。
  • PROFIBUS
    PROFIBUS是一个用在自动化技术的现场总线标准,在1987年由德国西门子公司等十四家公司及五个研究机构所推动,PROFIBUS是程序总线网络(PROcess FIeld BUS)的简称。PROFIBUS和用在工业以太网的PROFINET是二种不同的通信协议。是一种用于工厂自动化车间级监控和现场设备层数据通信与控制的现场总线技术,可实现现场设备层到车间级监控的分散式数字控制和现场通信网络。
  • DNP3
    DNP(Distributed Network Protocol,分布式网络协议)是一种应用于自动化组件之间的通讯协议,常见于电力、水处理等行业。简化OSI模型,只包含了物理层,数据层与应用层的体系结构(EPA)。SCADA可以使用DNP协议与主站、RTU、及IED进行通讯。
  • ICCP
    电力控制中心通讯协议。
  • OPC
    过程控制的OLE(OLE for Process Control)。OPC包括一整套接口、属性和方法的标准集,用于过程控制和制造业自动化系统。
  • BACnet
    楼宇自动控制网络数据通讯协议(A Data Communication Protocol for BuildingAutomation and Control Networks)。BACnet 协议是为计算机控制采暖、制冷、空调HVAC系统和其他建筑物设备系统定义服务和协议,
  • Siemens S7
    属于第7层的协议,用于西门子设备之间进行交换数据,通过TSAP,可加载MPIDP,以太网等不同物理结构总线或网络上,PLC一般可以通过封装好的通讯功能块实现。
  • 其他工控协议
    EC 60870-5-104、Tridium Niagara Fox、Crimson V3、OMRON FINS、PCWorx.ProConOs、MELSEC-Q

扫描插件

github上(https://github.com/digitalbond/Redpoint)提供了部分工控系统扫描插件

  • BACnet-discover-enumerate.nse
    用途:识别和枚举BACnet设备
    nmap -sU -Pn -p47808 -n --script BACnet-discover-enumerate <host>

  • enip-enumerate.nse
    识别和枚举Rockwell Automation(罗克韦尔自动化)等厂商的EtherNet/IP设备
    nmap -p44818 --script enip-enumeratehost <host>

  • fox-info.nse
    识别和枚举Niagara Fox(尼亚加拉福克斯)设备
    nmap -p1911--script fox-info <host>

  • modicon-info.nse
    识别和枚举Schneider Electric(施耐德电气)Modicon(子品牌)的PLC设备
    nmap -p502 --script modicon-info.nse -sV <host>

  • omron-info.nse
    识别和枚举Omron(欧姆龙)的PLC设备
    nmap -p9600 -script omontcp-info <host>
    nmap -sU -p9600 --script onronudp-info <host>

  • pcworx-info.nse
    识别和枚举使用了PC Worx的PLC设备
    nmap -p1962 --script pcworx-info -sV <host>

  • proconos-info.nse
    识别和枚举使用了ProConOs的PLC设备
    nmap -p20547 --script proconos-info -sV <host>

  • s7-enumerate.nse
    识别和枚举西门子SIMATIC S7系列PLC设备
    nmap -p102 --script s7-enumerate -sV <host>

实例演示

1、下载所有插件到本地(https://github.com/digitalbond/Redpoint)
2、所有插件复制到nmap的脚本文件夹下
使用相应脚本命令对目标进行检测
测试一个s7模拟器。
在这里插入图片描述

[root@c79 test]# nmap -p102 --script s7-enumerate.nse -sV 192.168.31.60
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-29 10:55 CST
NSE: DEPRECATION WARNING: bin.lua is deprecated. Please use Lua 5.3 string.pack
Nmap scan report for 192.168.31.60
Host is up (0.00017s latency).

PORT    STATE SERVICE  VERSION
102/tcp open  iso-tsap Siemens S7 PLC
| s7-info: 
|   Module: 6ES7 315-2EH14-0AB0 
|   Basic Hardware: 6ES7 315-2EH14-0AB0 
|   Version: 3.2.6
|   System Name: SNAP7-SERVER
|   Module Type: CPU 315-2 PN/DP
|   Serial Number: S C-C2UR28922012
|_  Copyright: Original Siemens Equipment
| s7-enumerate: 
|   Module: 6ES7 315-2EH14-0AB0 
|   Basic Hardware: 6ES7 315-2EH14-0AB0 
|   Version: 3.2.6
|   System Name: SNAP7-SERVER
|   Module Type: CPU 315-2 PN/DP
|   Serial Number: S C-C2UR28922012
|_  Copyright: Original Siemens Equipment
| fingerprint-strings: 
|   TerminalServerCookie: 
|_    Cookie: mstshash=nmap
MAC Address: 94:09:D3:10:33:61 (shenzhen maxtopic technology)
Service Info: Device: specialized

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 156.79 seconds

2、拓展
其实在nmap版本中自带了很多script。涵盖了不少常见的网络协议,这些脚本可以扩展出一些私有的数据。

[root@c79 test]# ls /usr/share/nmap/scripts/
acarsd-info.nse                       finger.nse                              http-svn-enum.nse                ms-sql-tables.nse               smb-print-text.nse
address-info.nse                      fingerprint-strings.nse                 http-svn-info.nse                ms-sql-xp-cmdshell.nse          smb-protocols.nse
afp-brute.nse                         firewalk.nse                            http-title.nse                   mtrace.nse                      smb-psexec.nse
afp-ls.nse                            firewall-bypass.nse                     http-tplink-dir-traversal.nse    murmur-version.nse              smb-security-mode.nse
afp-path-vuln.nse                     flume-master-info.nse                   http-trace.nse                   mysql-audit.nse                 smb-server-stats.nse
afp-serverinfo.nse                    fox-info.nse                            http-traceroute.nse              mysql-brute.nse                 smb-system-info.nse
afp-showmount.nse                     freelancer-info.nse                     http-trane-info.nse              mysql-databases.nse             smb-vuln-conficker.nse
ajp-auth.nse                          ftp-anon.nse                            http-unsafe-output-escaping.nse  mysql-dump-hashes.nse           smb-vuln-cve2009-3103.nse
ajp-brute.nse                         ftp-bounce.nse                          http-useragent-tester.nse        mysql-empty-password.nse        smb-vuln-cve-2017-7494.nse
ajp-headers.nse                       ftp-brute.nse                           http-userdir-enum.nse            mysql-enum.nse                  smb-vuln-ms06-025.nse
ajp-methods.nse                       ftp-libopie.nse                         http-vhosts.nse                  mysql-info.nse                  smb-vuln-ms07-029.nse
ajp-request.nse                       ftp-proftpd-backdoor.nse                http-virustotal.nse              mysql-query.nse                 smb-vuln-ms08-067.nse
allseeingeye-info.nse                 ftp-syst.nse                            http-vlcstreamer-ls.nse          mysql-users.nse                 smb-vuln-ms10-054.nse
amqp-info.nse                         ftp-vsftpd-backdoor.nse                 http-vmware-path-vuln.nse        mysql-variables.nse             smb-vuln-ms10-061.nse
asn-query.nse                         ftp-vuln-cve2010-4221.nse               http-vuln-cve2006-3392.nse       mysql-vuln-cve2012-2122.nse     smb-vuln-ms17-010.nse
auth-owners.nse                       ganglia-info.nse                        http-vuln-cve2009-3960.nse       nat-pmp-info.nse                smb-vuln-regsvc-dos.nse
auth-spoof.nse                        giop-info.nse                           http-vuln-cve2010-0738.nse       nat-pmp-mapport.nse             smb-vuln-webexec.nse
backorifice-brute.nse                 gkrellm-info.nse                        http-vuln-cve2010-2861.nse       nbd-info.nse                    smb-webexec-exploit.nse
backorifice-info.nse                  gopher-ls.nse                           http-vuln-cve2011-3192.nse       nbns-interfaces.nse             smtp-brute.nse
bacnet-info.nse                       gpsd-info.nse                           http-vuln-cve2011-3368.nse       nbstat.nse                      smtp-commands.nse
banner.nse                            hadoop-datanode-info.nse                http-vuln-cve2012-1823.nse       ncp-enum-users.nse              smtp-enum-users.nse
bitcoin-getaddr.nse                   hadoop-jobtracker-info.nse              http-vuln-cve2013-0156.nse       ncp-serverinfo.nse              smtp-ntlm-info.nse
bitcoin-info.nse                      hadoop-namenode-info.nse                http-vuln-cve2013-6786.nse       ndmp-fs-info.nse                smtp-open-relay.nse
bitcoinrpc-info.nse                   hadoop-secondary-namenode-info.nse      http-vuln-cve2013-7091.nse       ndmp-version.nse                smtp-strangeport.nse
bittorrent-discovery.nse              hadoop-tasktracker-info.nse             http-vuln-cve2014-2126.nse       nessus-brute.nse                smtp-vuln-cve2010-4344.nse
bjnp-discover.nse                     hbase-master-info.nse                   http-vuln-cve2014-2127.nse       nessus-xmlrpc-brute.nse         smtp-vuln-cve2011-1720.nse
broadcast-ataoe-discover.nse          hbase-region-info.nse                   http-vuln-cve2014-2128.nse       netbus-auth-bypass.nse          smtp-vuln-cve2011-1764.nse
broadcast-avahi-dos.nse               hddtemp-info.nse                        http-vuln-cve2014-2129.nse       netbus-brute.nse                sniffer-detect.nse
broadcast-bjnp-discover.nse           hnap-info.nse                           http-vuln-cve2014-3704.nse       netbus-info.nse                 snmp-brute.nse
broadcast-db2-discover.nse            hostmap-bfk.nse                         http-vuln-cve2014-8877.nse       netbus-version.nse              snmp-hh3c-logins.nse
broadcast-dhcp6-discover.nse          hostmap-crtsh.nse                       http-vuln-cve2015-1427.nse       nexpose-brute.nse               snmp-info.nse
broadcast-dhcp-discover.nse           hostmap-robtex.nse                      http-vuln-cve2015-1635.nse       nfs-ls.nse                      snmp-interfaces.nse
broadcast-dns-service-discovery.nse   http-adobe-coldfusion-apsa1301.nse      http-vuln-cve2017-1001000.nse    nfs-showmount.nse               snmp-ios-config.nse
broadcast-dropbox-listener.nse        http-affiliate-id.nse                   http-vuln-cve2017-5638.nse       nfs-statfs.nse                  snmp-netstat.nse
broadcast-eigrp-discovery.nse         http-apache-negotiation.nse             http-vuln-cve2017-5689.nse       nje-node-brute.nse              snmp-processes.nse
broadcast-hid-discoveryd.nse          http-apache-server-status.nse           http-vuln-cve2017-8917.nse       nje-pass-brute.nse              snmp-sysdescr.nse
broadcast-igmp-discovery.nse          http-aspnet-debug.nse                   http-vuln-misfortune-cookie.nse  nntp-ntlm-info.nse              snmp-win32-services.nse
broadcast-jenkins-discover.nse        http-auth-finder.nse                    http-vuln-wnr1000-creds.nse      nping-brute.nse                 snmp-win32-shares.nse
broadcast-listener.nse                http-auth.nse                           http-waf-detect.nse              nrpe-enum.nse                   snmp-win32-software.nse
broadcast-ms-sql-discover.nse         http-avaya-ipoffice-users.nse           http-waf-fingerprint.nse         ntp-info.nse                    snmp-win32-users.nse
broadcast-netbios-master-browser.nse  http-awstatstotals-exec.nse             http-webdav-scan.nse             ntp-monlist.nse                 socks-auth-info.nse
broadcast-networker-discover.nse      http-axis2-dir-traversal.nse            http-wordpress-brute.nse         omp2-brute.nse                  socks-brute.nse
broadcast-novell-locate.nse           http-backup-finder.nse                  http-wordpress-enum.nse          omp2-enum-targets.nse           socks-open-proxy.nse
broadcast-ospf2-discover.nse          http-barracuda-dir-traversal.nse        http-wordpress-users.nse         omron-info.nse                  ssh2-enum-algos.nse
broadcast-pc-anywhere.nse             http-bigip-cookie.nse                   http-xssed.nse                   openflow-info.nse               ssh-auth-methods.nse
broadcast-pc-duo.nse                  http-brute.nse                          iax2-brute.nse                   openlookup-info.nse             ssh-brute.nse
broadcast-pim-discovery.nse           http-cakephp-version.nse                iax2-version.nse                 openvas-otp-brute.nse           ssh-hostkey.nse
broadcast-ping.nse                    http-chrono.nse                         icap-info.nse                    openwebnet-discovery.nse        ssh-publickey-acceptance.nse
broadcast-pppoe-discover.nse          http-cisco-anyconnect.nse               iec-identify.nse                 oracle-brute.nse                ssh-run.nse
broadcast-rip-discover.nse            http-coldfusion-subzero.nse             ike-version.nse                  oracle-brute-stealth.nse        sshv1.nse
broadcast-ripng-discover.nse          http-comments-displayer.nse             imap-brute.nse                   oracle-enum-users.nse           ssl-ccs-injection.nse
broadcast-sonicwall-discover.nse      http-config-backup.nse                  imap-capabilities.nse            oracle-sid-brute.nse            ssl-cert-intaddr.nse
broadcast-sybase-asa-discover.nse     http-cookie-flags.nse                   imap-ntlm-info.nse               oracle-tns-version.nse          ssl-cert.nse
broadcast-tellstick-discover.nse      http-cors.nse                           impress-remote-discover.nse      ovs-agent-version.nse           ssl-date.nse
broadcast-upnp-info.nse               http-cross-domain-policy.nse            informix-brute.nse               p2p-conficker.nse               ssl-dh-params.nse
broadcast-versant-locate.nse          http-csrf.nse                           informix-query.nse               path-mtu.nse                    ssl-enum-ciphers.nse
broadcast-wake-on-lan.nse             http-date.nse                           informix-tables.nse              pcanywhere-brute.nse            ssl-heartbleed.nse
broadcast-wpad-discover.nse           http-default-accounts.nse               ip-forwarding.nse                pcworx-info.nse                 ssl-known-key.nse
broadcast-wsdd-discover.nse           http-devframework.nse                   ip-geolocation-geoplugin.nse     pgsql-brute.nse                 ssl-poodle.nse
broadcast-xdmcp-discover.nse          http-dlink-backdoor.nse                 ip-geolocation-ipinfodb.nse      pjl-ready-message.nse           sslv2-drown.nse
cassandra-brute.nse                   http-dombased-xss.nse                   ip-geolocation-map-bing.nse      pop3-brute.nse                  sslv2.nse
cassandra-info.nse                    http-domino-enum-passwords.nse          ip-geolocation-map-google.nse    pop3-capabilities.nse           sstp-discover.nse
cccam-version.nse                     http-drupal-enum.nse                    ip-geolocation-map-kml.nse       pop3-ntlm-info.nse              stun-info.nse
cics-enum.nse                         http-drupal-enum-users.nse              ip-geolocation-maxmind.nse       port-states.nse                 stun-version.nse
cics-info.nse                         http-enum.nse                           ip-https-discover.nse            pptp-version.nse                stuxnet-detect.nse
cics-user-brute.nse                   http-errors.nse                         ipidseq.nse                      puppet-naivesigning.nse         supermicro-ipmi-conf.nse
cics-user-enum.nse                    http-exif-spider.nse                    ipmi-brute.nse                   qconn-exec.nse                  svn-brute.nse
citrix-brute-xml.nse                  http-favicon.nse                        ipmi-cipher-zero.nse             qscan.nse                       targets-asn.nse
citrix-enum-apps.nse                  http-feed.nse                           ipmi-version.nse                 quake1-info.nse                 targets-ipv6-map4to6.nse
citrix-enum-apps-xml.nse              http-fetch.nse                          ipv6-multicast-mld-list.nse      quake3-info.nse                 targets-ipv6-multicast-echo.nse
citrix-enum-servers.nse               http-fileupload-exploiter.nse           ipv6-node-info.nse               quake3-master-getservers.nse    targets-ipv6-multicast-invalid-dst.nse
citrix-enum-servers-xml.nse           http-form-brute.nse                     ipv6-ra-flood.nse                rdp-enum-encryption.nse         targets-ipv6-multicast-mld.nse
clamav-exec.nse                       http-form-fuzzer.nse                    irc-botnet-channels.nse          rdp-ntlm-info.nse               targets-ipv6-multicast-slaac.nse
clock-skew.nse                        http-frontpage-login.nse                irc-brute.nse                    rdp-vuln-ms12-020.nse           targets-ipv6-wordlist.nse
coap-resources.nse                    http-generator.nse                      irc-info.nse                     realvnc-auth-bypass.nse         targets-sniffer.nse
couchdb-databases.nse                 http-git.nse                            irc-sasl-brute.nse               redis-brute.nse                 targets-traceroute.nse
couchdb-stats.nse                     http-gitweb-projects-enum.nse           irc-unrealircd-backdoor.nse      redis-info.nse                  targets-xml.nse
creds-summary.nse                     http-google-malware.nse                 iscsi-brute.nse                  resolveall.nse                  teamspeak2-version.nse
cups-info.nse                         http-grep.nse                           iscsi-info.nse                   reverse-index.nse               telnet-brute.nse
cups-queue-info.nse                   http-headers.nse                        isns-info.nse                    rexec-brute.nse                 telnet-encryption.nse
cvs-brute.nse                         http-hp-ilo-info.nse                    jdwp-exec.nse                    rfc868-time.nse                 telnet-ntlm-info.nse
cvs-brute-repository.nse              http-huawei-hg5xx-vuln.nse              jdwp-info.nse                    riak-http-info.nse              tftp-enum.nse
daap-get-library.nse                  http-icloud-findmyiphone.nse            jdwp-inject.nse                  rlogin-brute.nse                tftp-version.nse
daytime.nse                           http-icloud-sendmsg.nse                 jdwp-version.nse                 rmi-dumpregistry.nse            tls-alpn.nse
db2-das-info.nse                      http-iis-short-name-brute.nse           knx-gateway-discover.nse         rmi-vuln-classloader.nse        tls-nextprotoneg.nse
deluge-rpc-brute.nse                  http-iis-webdav-vuln.nse                knx-gateway-info.nse             rpcap-brute.nse                 tls-ticketbleed.nse
dhcp-discover.nse                     http-internal-ip-disclosure.nse         krb5-enum-users.nse              rpcap-info.nse                  tn3270-screen.nse
dicom-brute.nse                       http-joomla-brute.nse                   ldap-brute.nse                   rpc-grind.nse                   tor-consensus-checker.nse
dicom-ping.nse                        http-jsonp-detection.nse                ldap-novell-getpass.nse          rpcinfo.nse                     traceroute-geolocation.nse
dict-info.nse                         http-litespeed-sourcecode-download.nse  ldap-rootdse.nse                 rsa-vuln-roca.nse               tso-brute.nse
distcc-cve2004-2687.nse               http-ls.nse                             ldap-search.nse                  rsync-brute.nse                 tso-enum.nse
dns-blacklist.nse                     http-majordomo2-dir-traversal.nse       lexmark-config.nse               rsync-list-modules.nse          ubiquiti-discovery.nse
dns-brute.nse                         http-malware-host.nse                   llmnr-resolve.nse                rtsp-methods.nse                unittest.nse
dns-cache-snoop.nse                   http-mcmp.nse                           lltd-discovery.nse               rtsp-url-brute.nse              unusual-port.nse
dns-check-zone.nse                    http-methods.nse                        lu-enum.nse                      rusers.nse                      upnp-info.nse
dns-client-subnet-scan.nse            http-method-tamper.nse                  maxdb-info.nse                   s7-info.nse                     uptime-agent-info.nse
dns-fuzz.nse                          http-mobileversion-checker.nse          mcafee-epo-agent.nse             samba-vuln-cve-2012-1182.nse    url-snarf.nse
dns-ip6-arpa-scan.nse                 http-ntlm-info.nse                      membase-brute.nse                script.db                       ventrilo-info.nse
dns-nsec3-enum.nse                    http-open-proxy.nse                     membase-http-info.nse            servicetags.nse                 versant-info.nse
dns-nsec-enum.nse                     http-open-redirect.nse                  memcached-info.nse               shodan-api.nse                  vmauthd-brute.nse
dns-nsid.nse                          http-passwd.nse                         metasploit-info.nse              sip-brute.nse                   vmware-version.nse
dns-random-srcport.nse                http-phpmyadmin-dir-traversal.nse       metasploit-msgrpc-brute.nse      sip-call-spoof.nse              vnc-brute.nse
dns-random-txid.nse                   http-phpself-xss.nse                    metasploit-xmlrpc-brute.nse      sip-enum-users.nse              vnc-info.nse
dns-recursion.nse                     http-php-version.nse                    mikrotik-routeros-brute.nse      sip-methods.nse                 vnc-title.nse
dns-service-discovery.nse             http-proxy-brute.nse                    mmouse-brute.nse                 skypev2-version.nse             voldemort-info.nse
dns-srv-enum.nse                      http-put.nse                            mmouse-exec.nse                  smb2-capabilities.nse           vtam-enum.nse
dns-update.nse                        http-qnap-nas-info.nse                  modbus-discover.nse              smb2-security-mode.nse          vulners.nse
dns-zeustracker.nse                   http-referer-checker.nse                mongodb-brute.nse                smb2-time.nse                   vuze-dht-info.nse
dns-zone-transfer.nse                 http-rfi-spider.nse                     mongodb-databases.nse            smb2-vuln-uptime.nse            wdb-version.nse
docker-version.nse                    http-robots.txt.nse                     mongodb-info.nse                 smb-brute.nse                   weblogic-t3-info.nse
domcon-brute.nse                      http-robtex-reverse-ip.nse              mqtt-subscribe.nse               smb-double-pulsar-backdoor.nse  whois-domain.nse
domcon-cmd.nse                        http-robtex-shared-ns.nse               mrinfo.nse                       smb-enum-domains.nse            whois-ip.nse
domino-enum-users.nse                 http-sap-netweaver-leak.nse             msrpc-enum.nse                   smb-enum-groups.nse             wsdd-discover.nse
dpap-brute.nse                        http-security-headers.nse               ms-sql-brute.nse                 smb-enum-processes.nse          x11-access.nse
drda-brute.nse                        http-server-header.nse                  ms-sql-config.nse                smb-enum-services.nse           xdmcp-discover.nse
drda-info.nse                         http-shellshock.nse                     ms-sql-dac.nse                   smb-enum-sessions.nse           xmlrpc-methods.nse
duplicates.nse                        http-sitemap-generator.nse              ms-sql-dump-hashes.nse           smb-enum-shares.nse             xmpp-brute.nse
eap-info.nse                          http-slowloris-check.nse                ms-sql-empty-password.nse        smb-enum-users.nse              xmpp-info.nse
enip-info.nse                         http-slowloris.nse                      ms-sql-hasdbaccess.nse           smb-flood.nse
epmd-info.nse                         http-sql-injection.nse                  ms-sql-info.nse                  smb-ls.nse
eppc-enum-processes.nse               https-redirect.nse                      ms-sql-ntlm-info.nse             smb-mbenum.nse
fcrdns.nse                            http-stored-xss.nse                     ms-sql-query.nse                 smb-os-discovery.nse

随便测试一下s7的脚本

[root@c79 test]# nmap -p102 --script s7-info -sV 192.168.31.60                            
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-29 13:52 CST
Nmap scan report for 192.168.31.60
Host is up (0.00012s latency).

PORT    STATE SERVICE  VERSION
102/tcp open  iso-tsap Siemens S7 PLC
| s7-info: 
|   Module: 6ES7 315-2EH14-0AB0 
|   Basic Hardware: 6ES7 315-2EH14-0AB0 
|   Version: 3.2.6
|   System Name: SNAP7-SERVER
|   Module Type: CPU 315-2 PN/DP
|   Serial Number: S C-C2UR28922012
|_  Copyright: Original Siemens Equipment
| fingerprint-strings: 
|   TerminalServerCookie: 
|_    Cookie: mstshash=nmap
MAC Address: 94:09:D3:10:33:61 (shenzhen maxtopic technology)
Service Info: Device: specialized

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 156.53 seconds

似乎和前面的也没有区别,看来已经集成到标准版本里了。
测试modbus发现
在这里插入图片描述

[root@c79 test]# nmap -p502 --script modbus-discover -sV 192.168.31.60                  
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-29 13:50 CST
Nmap scan report for 192.168.31.60
Host is up (0.00023s latency).

PORT    STATE SERVICE VERSION
502/tcp open  modbus
| modbus-discover: 
|   sid 0x1: 
|_    error: ILLEGAL FUNCTION
MAC Address: 94:09:D3:10:33:61 (shenzhen maxtopic technology)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.33 seconds

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1634920.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

构建下一代去中心化应用:基于BASE链的DApp开发

在区块链技术的快速发展中&#xff0c;去中心化应用&#xff08;Decentralized Applications&#xff0c;DApps&#xff09;已经成为了一个热门话题。这些应用通过区块链技术&#xff0c;实现了去中心化、透明、安全和不可篡改的特性&#xff0c;为用户提供了全新的体验和解决方…

js使用echarts图表的柱状图的使用

效果图&#xff1a; 代码&#xff1a; <!DOCTYPE html> <html> <head><title>Bar Chart with Custom Label</title><script src"https://cdn.jsdelivr.net/npm/echarts5.2.2/dist/echarts.min.js"></script> </head&…

Linux编辑器调试器 gcc/g++ gdb 编译过程及使用讲解

这恋爱呀 我有两不谈 第一异性不谈 因为我们性别不一样 我知道的她不知道相处起来太累 第二同性不谈 因为我们性别一样 我知道的他也知道相处起来太无聊了 –❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀–❀-正文开始-❀–❀–❀–❀–❀–❀–…

stm32f103c8t6学习笔记(学习B站up江科大自化协)-UNIX时间戳、BKPRTC

UNIX时间戳 UNIX时间戳最早是在UNIX系统使用的&#xff0c;所以叫做UNIX时间戳&#xff0c;之后很多由UNIX演变而来的系统也继承了UNIX时间戳的规定&#xff0c;目前linux&#xff0c;windows&#xff0c;安卓这些操作系统的底层计时系统都是用UNIX时间戳 时间戳这个计时系统和…

numpy+matplotlib绘制玫瑰线图案

【第10次课]实验十一数据可视化及应用】 声明&#xff1a;著作权归作者所有。商业转载请联系作者获得授权&#xff0c;非商业转载请注明出处。 1.简答题 本实验绘制简单图形&#xff0c;要导入numpy库函数和matplotlib.pyplot子库函数: import matplotlib.pyplot as plt impor…

iOS 17上如何恢复数据?iOS 17 数据恢复软件

“您好&#xff0c;我正在为我的 iPhone 寻找一款iOS 17 数据恢复软件。升级到 iOS 17 后&#xff0c;我丢失了 iPhone 上的所有照片、联系人和消息。有什么建议吗&#xff1f;” ——丹尼 iOS 17数据恢复软件下载 升级到iOS 17后如何恢复丢失的数据&#xff1f;由于在 iPhone…

【保姆级讲解如何安装与配置Xcode】

&#x1f308;个人主页: 程序员不想敲代码啊 &#x1f3c6;CSDN优质创作者&#xff0c;CSDN实力新星&#xff0c;CSDN博客专家 &#x1f44d;点赞⭐评论⭐收藏 &#x1f91d;希望本文对您有所裨益&#xff0c;如有不足之处&#xff0c;欢迎在评论区提出指正&#xff0c;让我们共…

国内各种免费AI聊天机器人(ChatGPT)推荐(上)

作者主页&#xff1a;点击&#xff01; 国内免费AI推荐专栏&#xff1a;点击&#xff01; 创作时间&#xff1a;2024年4月27日11点25分 欢迎来到AI聊天机器人推荐系列的第一篇文章&#xff01; 在这个系列中&#xff0c;我将引领您探索国内各种AI聊天机器人的精彩世界。 从…

Linux内核之临时映射内核内存:kmap_atomic用法实例(六十二)

简介&#xff1a; CSDN博客专家&#xff0c;专注Android/Linux系统&#xff0c;分享多mic语音方案、音视频、编解码等技术&#xff0c;与大家一起成长&#xff01; 优质专栏&#xff1a;Audio工程师进阶系列【原创干货持续更新中……】&#x1f680; 优质专栏&#xff1a;多媒…

解决Android Studio安卓开发写入文件问题

有很多小伙伴想把文件写进安卓系统储存失败&#xff0c;类似下面的代码 val file File("account.txt")val writer BufferedWriter(FileWriter(file))writer.use {it.write(username "," password)} 用java方式写入读出文件但是显示成功但是找不到文件…

react-lib 读取本地模板创建PDF

读取本地文件和读取远程的一样&#xff0c;都使用fetch去获取 async function modifyPdf() {let url ./template.pdflet existingPdfBytes await fetch(url).then(res > res.arrayBuffer()) // 这里也有问题要转一下const d new Uint8Array(existingPdfBytes)const pdfDo…

鸿蒙开发面试真题——面向对象

鸿蒙开发面向对象的面试题是近年来在软件开发领域中备受关注的话题。作为一种新兴的操作系统&#xff0c;鸿蒙系统的开发者需要具备扎实的面向对象编程知识和丰富的开发经验。在面试中&#xff0c;面试官常常会通过一系列的问题来考察面试者对于鸿蒙开发面向对象的理解和应用能…

第1章 手写WebServer

1.1 Web原理 1.1.1 Web概述 Web是指互联网上的万维网&#xff08;World Wide Web&#xff09;&#xff0c;是一个由超文本、超链接和多媒体内容组成的信息空间。Web的基础技术是HTTP协议、URL、HTML、CSS和JavaScript等。Web被广泛应用于信息检索、在线购物、社交媒体、在线游…

区块链交易所开发

在当今数字化时代&#xff0c;区块链技术以其独特的去中心化、安全性和透明性&#xff0c;正在逐步改变我们的生活。其中&#xff0c;区块链交易所作为连接区块链技术与广大投资者的桥梁&#xff0c;其开发与发展备受关注。本文将从技术进步与市场需求两个维度&#xff0c;探讨…

【前端】表格合并如何实现?

简言 介绍实现表格合并的一种方法。 表格合并 表格合并操作是一个比较复杂的操作&#xff0c;它主要分为以下步骤&#xff1a; 获取选中区域选择合并显示的单元格实现合并操作。 我们就逐一实现这三步&#xff0c;最后实现一个较完整的合并操作。&#xff08;不考虑边界情…

点成分享 | 温度控制的艺术:TX150系列水浴中的稳定性与均匀性解析

前言 在实验室和工业生产中&#xff0c;温度控制对于确保实验结果的精确性和产品的高质量至关重要&#xff0c;尤其是针对温度敏感的样品和原材料&#xff0c;如蛋白酶等&#xff0c;微小的温度误差都会对实验结果可靠性和生产质量造成影响。而在控温性能中&#xff0c;稳定性…

Pytorch入门实战 P08-YOLOv5里面的C3模块实现

目录 1、YOLOv5骨干网络模型图&#xff1a; 2、C3模块介绍&#xff1a; 3、C3模块的主要代码&#xff1a; 4、完整的code 5、运行结果展示&#xff1a; &#xff08;1&#xff09;使用SGD优化器 &#xff08;2&#xff09;使用Adam优化器 &#x1f368; 本文为&#x1f…

2024年必应bing广告推广开户有什么条件?

必应Bing作为全球领先的搜索引擎之一&#xff0c;其广告平台正为无数企业开辟着新的市场蓝海。如果您正寻求在必应Bing上投放广告&#xff0c;提升品牌影响力和市场份额&#xff0c;那么了解开户条件并找到一位可靠的合作伙伴至关重要。云衔科技&#xff0c;作为数字营销领域的…

Jetson Orin NX L4T35.5.0平台LT6911芯片 调试记录(2)vi discarding frame问题调试

基于上篇调试记录 Jetson Orin NX L4T35.5.0平台LT6911芯片 调试记录(1)MIPI问题调试-CSDN博客 1.前言 当通过gstreamer持续捕获视频设备时,帧数会下降,并且I输入越高,丢失的帧数越多。 当达到4k30hz时,它完全无法使用,系统会在几秒钟的收集后崩溃并重新启动 4k30hz …

使用yolo识别模型对比两张图片并标记不同(2)

上篇文章有漏洞&#xff0c;在这里补充下&#xff0c;比如要识别第二张图相对于第一张图的违建是否拆除了 第一步旋转对其后&#xff0c;图片会有黑色的掩码&#xff0c;如果旋转角度大的话&#xff0c;没识别出来的框可能不是已经拆除了&#xff0c;而是因为黑色掩码遮挡&…