"Experimental principle"
1) using the X-scan tool:
2) Vulnerability scanning: IPC, RPC, POP3, FTP, TELNET, WEB
3) Brute force: FTP, POP3, HTTP
"Experimental Steps"
First, set the X-scan parameter
1.1 In this machine, open the run interface to set up, click the parameter settings in the menu bar settings to enter the parameter setting interface
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/77/A6/wKiom1ZqipmQCjPeAACPCGXHzkA557.png "style=" float: none; "title=" 111111111.png "alt=" Wkiom1zqipmqcjpeaacpcgxhzka557.png "/>
1.2 Click the Load button to load the pre-set parameter file, save the current settings of the parameters of the information stored in a file, so that the next time the application can be read directly. Address Book adds pre-added addresses directly to an IP address
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/77/A5/wKioL1ZqiqSBTY4lAAFmQbX6ozU640.png "style=" float: none; "title=" 222222222.png "alt=" Wkiol1zqiqsbty4laafmqbx6ozu640.png "/>
Second, global settings: This module contains all the global scan options.
2.1 Scan module: mainly includes some service and protocol weak password and other information scanning, according to the dictionary to detect the host various services and the corresponding weak password, corresponding to each item has corresponding instructions
Note: If you select the FTP weak password option, to ensure the scan results, you should now set its security account option from the FTP site's Properties window in the virtual machine.
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/77/A6/wKiom1Zqiqeww9_8AACqT2OrkQQ801.png "style=" float: none; "title=" 333333333.png "alt=" Wkiom1zqiqeww9_8aacqt2orkqq801.png "/>
2.2 Concurrent Scan: The primary is to set the number of concurrent scans, including the maximum number of concurrent hosts, the maximum number of concurrent threads, and the maximum number of concurrent plug-ins. As shown in 6.
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/77/A6/wKiom1ZqiqzSVnYvAAE4u32FHpQ974.png "style=" float: none; "title=" 444444444.png "alt=" Wkiom1zqiqzsvnyvaae4u32fhpq974.png "/>
2.3 Scan Report: Set the report generation status after the scan is completed for the host. As shown in 7.
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/77/A5/wKioL1ZqirPD-XASAAEghHl1atw993.png "style=" float: none; "title=" 666666666.png "alt=" Wkiol1zqirpd-xasaaeghhl1atw993.png "/>
2.4 Other settings: mainly for the scanning process of the display and additional settings for the progress of the scan
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/77/A6/wKiom1Zqirag1y44AAEpRV3uHSk794.png "style=" float: none; "title=" 777777777.png "alt=" Wkiom1zqirag1y44aaeprv3uhsk794.png "/>
Third, plug-in Settings: This module contains the relevant settings for each scan plug-in.
3.1 Port-related settings: The main settings are the various ports you want to scan, the detection method, and the default ports for each service agreement. (This experiment mainly detects FTP weak password, so only 21 ports are filled in)
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/77/A5/wKioL1ZqisCzLPZoAAFiHU1GC30918.png "style=" float: none; "title=" 888888888.png "alt=" Wkiol1zqisczlpzoaafihu1gc30918.png "/>
3.2SNMP Related settings: Main settings detect SNMP related information
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/77/A6/wKiom1Zqis_xLtRnAAFDfQ7lPTA592.png "style=" float: none; "title=" 999999999.png "alt=" Wkiom1zqis_xltrnaafdfq7lpta592.png "/>
3.3NETBIOS Related settings: Main settings detect NetBIOS related information, 11.
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/77/A6/wKioL1ZqitXAgz36AAEv_YNC9Rs946.png "style=" float: none; "title=" 9999999999.png "alt=" Wkiol1zqitxagz36aaev_ync9rs946.png "/>
3.4 Vulnerability Detection script settings: mainly for each vulnerability written detection script to filter, select the script to be used, for convenience is generally set as a full selection, but also the pattern of their own need to choose
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/77/A6/wKiom1ZqitjhLryVAAFJ2pGCnt8884.png "style=" float: none; "title=" 99999999991.png "alt=" Wkiom1zqitjhlryvaafj2pgcnt8884.png "/>
3.5 CGI Related settings: Set some parameters of the CGI, as shown in 13.
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/77/A6/wKioL1ZqiuDDCswoAAFwLGrmYSQ165.png "style=" float: none; "title=" 99999999992.png "alt=" Wkiol1zqiuddcswoaafwlgrmysq165.png "/>
3.6 Dictionary File settings: mainly for the scanning process need to use the dictionary to select, you can manually add data dictionary,
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/77/A6/wKiom1Zqiuahr8lqAAE2XBSZWGA569.png "style=" float: none; "title=" 99999999993.png "alt=" Wkiom1zqiuahr8lqaae2xbszwga569.png "/>
Four, the scan:
4.1 After the setting is complete, click on the Green button or the menu file---start scanning for probing scanning, the speed of the scan with the network environment and native configuration, etc., different
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/77/A6/wKiom1ZqiujRKivaAACtqiccfWA404.png "style=" float: none; "title=" 99999999994.png "alt=" Wkiom1zqiujrkivaaactqiccfwa404.png "/>
4.2 Report generation: Reports are generated automatically when the scan is completed according to the report settings
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/77/A6/wKioL1ZqiuvDwSmRAACLOd2Tifw062.png "style=" float: none; "title=" 99999999995.png "alt=" Wkiol1zqiuvdwsmraaclod2tifw062.png "/>
4.3 Vulnerability test based on information obtained from Probe Scan report: FTP Weak password vulnerability detected, weak database password
4.4 Testing for vulnerability attacks
The collection of network information--Comprehensive scanning-x-scan