Difference between revisions of "amap"
From: セキュリティ (Security)
(One intermediate revision by the same user not shown) | |||
行1: | 行1: | ||
+ | <!-- | ||
+ | vim: ft=mediawiki | ||
+ | --> | ||
amap | amap | ||
行16: | 行19: | ||
== 使用例 == | == 使用例 == | ||
+ | |||
+ | === 80 ポートのテスト === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
行52: | 行57: | ||
f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465 | f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465 | ||
642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a | 642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | === sshd に対するテスト === | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | % amap localhost 22 | ||
+ | amap v5.2 (www.thc.org/thc-amap) started at 2013-08-17 00:23:03 - MAPPING mode | ||
+ | |||
+ | Protocol on 127.0.0.1:22/tcp matches ssh | ||
+ | Protocol on 127.0.0.1:22/tcp matches ssh-openssh | ||
+ | |||
+ | Unidentified ports: none. | ||
+ | |||
+ | amap v5.2 finished at 2013-08-17 00:23:09 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | sudo tail -f /var/log/auth.log | ||
+ | Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5916]: Bad protocol version identification '< NTP/1.2 >' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5914]: Bad protocol version identification '' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5903]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5905]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5908]: Bad protocol version identification 'USER AMAP' from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5906]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5911]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5909]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5910]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5912]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5917]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5913]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5915]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5919]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5918]: Did not receive identification string from 127.0.0.1 | ||
+ | Aug 17 00:23:03 vm sshd[5920]: Did not receive identification string from 127.0.0.1 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
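Review bot: the second added block under "sshd に対するテスト" (the `sudo tail -f /var/log/auth.log` capture) has no sentence tying it to the `amap localhost 22` run above it, so the reader has to infer from the matching 00:23:03 timestamps that these sshd messages are what the scan produced on the target. Add one line of prose between the two blocks saying so. The command in that block also lacks the `% ` prompt used for `amap localhost 22`, and the log lines are tagged lang="bash" although they are not shell; a prompt on the command and a plain-text block for the log output would make the section consistent.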
Latest revision as of 00:28, 17 August 2013 (Sat)
amap
Pronunciation: えーまっぷ
Overview
amap is a powerful application mapper: a scanning tool for identifying the application running on a given port.
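Installation
Installing on FreeBSD
Installing from the ports collection
<syntaxhighlight lang="bash">
cd /usr/ports/security/amap
sudo make install clean
</syntaxhighlight>
Installing with the pkg command
<syntaxhighlight lang="bash">
sudo pkg install amap
</syntaxhighlight>
Installing with the portmaster command
<syntaxhighlight lang="bash">
sudo portmaster -y -d /usr/ports/security/amap
</syntaxhighlight>
Installing with the portinstall command
<syntaxhighlight lang="bash">
sudo portinstall /usr/ports/security/amap
</syntaxhighlight>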
Usage examples
Testing port 80
<syntaxhighlight lang="bash">
% amap localhost 80
amap v5.2 (www.thc.org/thc-amap) started at 2013-01-08 17:29:08 - MAPPING mode

Protocol on 127.0.0.1:80/tcp matches http
Protocol on 127.0.0.1:80/tcp matches http-apache-2

Unidentified ports: none.

amap v5.2 finished at 2013-01-08 17:29:14
</syntaxhighlight>
<syntaxhighlight lang="bash">
% amapcrap localhost 80
# Starting AmapCrap on 127.0.0.1 port 80
# Writing a "+" for every 10 connect attempts
#
# Put this line into appdefs.trig:
PROTOCOL_NAME::tcp:0:0x)).")+13/)4444,+.'0,1b*&31753a0+0*7c75)$736e16+,4f530,1e7
c640%)(2b+(0%/+10301c.&55,!51355b/'.+1f*-11-+70).)$*,0*000-0(4424-(*,*"*/08776c2
23a371b4a5e2145)#6c5702+&5e123157*$++47486b0%2f.)7f)(164b*&207d)'1a3129-"06-,0(1
2+&7f)*47)#/0*+733d-),-420*--.03b2c0#345331)/6a1e)'/!/,66,-+'022e687e5a)*10107e4
743*%*+)$53)"49,'2a350d*)0a04/,14+",!7b350a57+&62-(4e4a0+46*"..,//%3c16-/4838).(
040/07c./-)*$0!.(6845-.05.*-!,'/.)(2041)(0()/25*$7967,%+%19170#2e23+.,%-#--50+'2
d0%797b*!14+!2b)-0+/.,'21+-64)/
# Put this line into appdefs.resp:
PROTOCOL_NAME::tcp::0x3c21444f43545950452048544d4c205055424c494320222d2f2f494554
462f2f4454442048544d4c20322e302f2f454e223e0a3c68746d6c3e3c686561643e0a3c7469746c
653e353031204d6574686f64204e6f7420496d706c656d656e7465643c2f7469746c653e0a3c2f68
6561643e3c626f64793e0a3c68313e4d6574686f64204e6f7420496d706c656d656e7465643c2f68
313e0a3c703e89d28b13e94444bbd7fc1b9631753afbfa7c7584736e16ac4f53fc1e7c64f5882ba8
f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465
642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a
</syntaxhighlight>
Testing against sshd
<syntaxhighlight lang="bash">
% amap localhost 22
amap v5.2 (www.thc.org/thc-amap) started at 2013-08-17 00:23:03 - MAPPING mode

Protocol on 127.0.0.1:22/tcp matches ssh
Protocol on 127.0.0.1:22/tcp matches ssh-openssh

Unidentified ports: none.

amap v5.2 finished at 2013-08-17 00:23:09
</syntaxhighlight>
<syntaxhighlight lang="bash">
sudo tail -f /var/log/auth.log
Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5916]: Bad protocol version identification '< NTP/1.2 >' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5914]: Bad protocol version identification '' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5903]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5905]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5908]: Bad protocol version identification 'USER AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5906]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5911]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5909]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5910]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5912]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5917]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5913]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5915]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5919]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5918]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5920]: Did not receive identification string from 127.0.0.1
</syntaxhighlight>
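The auth.log excerpt above is what an amap run looks like from the target's side: many sshd pre-authentication failures from one source within the same second, several of them carrying other protocols' greetings. The following is an added example, not part of the original page, that flags such bursts in logs of this format; the function name `find_probe_bursts` and the default thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First five lines are copied from the auth.log excerpt above; the
# 192.0.2.10 line is constructed to show a client that is not flagged.
SAMPLE_LOG = r"""
Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5903]: Did not receive identification string from 127.0.0.1
Aug 17 00:41:10 vm sshd[6011]: Did not receive identification string from 192.0.2.10
"""

# Matches the two sshd message forms shown on the page. The greedy (.*) makes
# the last "' from " win, so a quote inside the client-supplied string cannot
# move the source-address field.
EVENT = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Bad protocol version identification '(.*)'|Did not receive identification string)"
    r" from (\S+)")

def find_probe_bursts(log_text, window_s=5, min_events=4, min_idents=2):
    """Return {source: sorted distinct bad idents} for sources whose sshd
    pre-auth failures form a burst. Thresholds are illustrative assumptions."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            # syslog timestamps carry no year; 2000 is assumed so Feb 29 parses.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):  # sliding window over this source's events
            while evs[end][0] - evs[start][0] > timedelta(seconds=window_s):
                start += 1
            burst = evs[start:end + 1]
            idents = {i for _, i in burst if i is not None}
            if len(burst) >= min_events and len(idents) >= min_idents:
                flagged.setdefault(src, set()).update(idents)
    return {src: sorted(idents) for src, idents in flagged.items()}

if __name__ == "__main__":
    for src, idents in find_probe_bursts(SAMPLE_LOG).items():
        print(src, idents)
```

Requiring several distinct non-SSH identification strings, not just a count of failures, is what separates an application mapper from a single misconfigured client or a port-open check.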