Difference between revisions of "amap"

 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 +
<!--
 +
vim: ft=mediawiki
 +
-->
 
amap
 
amap
  
Line 16: Line 19:
  
 
== 使用例 ==
 
== 使用例 ==
 +
 +
=== 80 ポートのテスト ===
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
Line 52: Line 57:
 
f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465
 
f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465
 
642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a
 
642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a
 +
</syntaxhighlight>
 +
 +
=== sshd に対するテスト ===
 +
 +
<syntaxhighlight lang="bash">
 +
% amap localhost 22
 +
amap v5.2 (www.thc.org/thc-amap) started at 2013-08-17 00:23:03 - MAPPING mode
 +
 +
Protocol on 127.0.0.1:22/tcp matches ssh
 +
Protocol on 127.0.0.1:22/tcp matches ssh-openssh
 +
 +
Unidentified ports: none.
 +
 +
amap v5.2 finished at 2013-08-17 00:23:09
 +
</syntaxhighlight>
 +
 +
<syntaxhighlight lang="bash">
 +
sudo tail -f  /var/log/auth.log
 +
Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5916]: Bad protocol version identification '< NTP/1.2 >' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5914]: Bad protocol version identification '' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5903]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5905]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5908]: Bad protocol version identification 'USER AMAP' from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5906]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5911]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5909]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5910]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5912]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5917]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5913]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5915]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5919]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5918]: Did not receive identification string from 127.0.0.1
 +
Aug 17 00:23:03 vm sshd[5920]: Did not receive identification string from 127.0.0.1
 
</syntaxhighlight>
 
</syntaxhighlight>
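
Review bot: The two new blocks under "=== sshd に対するテスト ===" are tagged `<syntaxhighlight lang="bash">` but contain amap output and auth.log lines rather than shell script, so the quoted probe strings (for example `'GET / HTTP/1.0'`) will be coloured as shell strings; `lang="text"` would render them as the log output they are. The `sudo tail -f  /var/log/auth.log` line also lacks the `%` prompt used by `% amap localhost 22` and has a doubled space. The section would read better with one sentence stating that these sshd messages are the server-side record of the amap run started at 00:23:03, since the added lines leave that link to the reader.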
  

Latest revision as of 00:28, 17 August 2013 (Sat)

amap

Pronunciation: えーまっぷ (ē-mappu)

Overview

amap is a powerful application mapper: a scanning tool that identifies which application is running on a given port.

Installation

Installing on FreeBSD

Installing from the ports collection

cd /usr/ports/security/amap
sudo make install clean

Installing with the pkg command

sudo pkg install amap

Installing with the portmaster command

sudo portmaster -y -d /usr/ports/security/amap

Installing with the portinstall command

sudo portinstall /usr/ports/security/amap

Usage examples

Testing port 80

% amap localhost 80
amap v5.2 (www.thc.org/thc-amap) started at 2013-01-08 17:29:08 - MAPPING mode
 
Protocol on 127.0.0.1:80/tcp matches http
Protocol on 127.0.0.1:80/tcp matches http-apache-2
 
Unidentified ports: none.
 
amap v5.2 finished at 2013-01-08 17:29:14
% amapcrap localhost 80
# Starting AmapCrap on 127.0.0.1 port 80
# Writing a "+" for every 10 connect attempts
#
 
# Put this line into appdefs.trig:
PROTOCOL_NAME::tcp:0:0x)).")+13/)4444,+.'0,1b*&31753a0+0*7c75)$736e16+,4f530,1e7
c640%)(2b+(0%/+10301c.&55,!51355b/'.+1f*-11-+70).)$*,0*000-0(4424-(*,*"*/08776c2
23a371b4a5e2145)#6c5702+&5e123157*$++47486b0%2f.)7f)(164b*&207d)'1a3129-"06-,0(1
2+&7f)*47)#/0*+733d-),-420*--.03b2c0#345331)/6a1e)'/!/,66,-+'022e687e5a)*10107e4
743*%*+)$53)"49,'2a350d*)0a04/,14+",!7b350a57+&62-(4e4a0+46*"..,//%3c16-/4838).(
040/07c./-)*$0!.(6845-.05.*-!,'/.)(2041)(0()/25*$7967,%+%19170#2e23+.,%-#--50+'2
d0%797b*!14+!2b)-0+/.,'21+-64)/
 
# Put this line into appdefs.resp:
PROTOCOL_NAME::tcp::0x3c21444f43545950452048544d4c205055424c494320222d2f2f494554
462f2f4454442048544d4c20322e302f2f454e223e0a3c68746d6c3e3c686561643e0a3c7469746c
653e353031204d6574686f64204e6f7420496d706c656d656e7465643c2f7469746c653e0a3c2f68
6561643e3c626f64793e0a3c68313e4d6574686f64204e6f7420496d706c656d656e7465643c2f68
313e0a3c703e89d28b13e94444bbd7fc1b9631753afbfa7c7584736e16ac4f53fc1e7c64f5882ba8
f5eb10301cd655b151355be7db1f9d11cb708e849cfa20746f202f206e6f7420737570706f727465
642e3c6272202f3e0a3c2f703e0a3c2f626f64793e3c2f68746d6c3e0a

Testing against sshd

% amap localhost 22
amap v5.2 (www.thc.org/thc-amap) started at 2013-08-17 00:23:03 - MAPPING mode
 
Protocol on 127.0.0.1:22/tcp matches ssh
Protocol on 127.0.0.1:22/tcp matches ssh-openssh
 
Unidentified ports: none.
 
amap v5.2 finished at 2013-08-17 00:23:09

sudo tail -f /var/log/auth.log
Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5916]: Bad protocol version identification '< NTP/1.2 >' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5914]: Bad protocol version identification '' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5903]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5905]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5908]: Bad protocol version identification 'USER AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5906]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5911]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5909]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5910]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5912]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5917]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5913]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5915]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5919]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5918]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5920]: Did not receive identification string from 127.0.0.1
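
The auth.log excerpt above is what an amap run looks like from the server side: a burst of failed SSH identifications from one address, carrying banners that belong to other protocols. The following Python detector is an added example, not part of the original page; it flags that pattern. The thresholds, the default year of 2013 (syslog lines carry no year) and the 203.0.113.7 line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the auth.log excerpt above, plus one constructed
# line (203.0.113.7) standing in for a single stray connection.
SAMPLE_LOG = r"""
Aug 17 00:23:03 vm sshd[5902]: Bad protocol version identification '\200\200\001\003\001' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5901]: Bad protocol version identification 'GET / HTTP/1.0' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5907]: Bad protocol version identification 'HELO AMAP' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5914]: Bad protocol version identification '' from 127.0.0.1
Aug 17 00:23:03 vm sshd[5904]: Did not receive identification string from 127.0.0.1
Aug 17 00:23:03 vm sshd[5908]: Bad protocol version identification 'USER AMAP' from 127.0.0.1
Aug 17 00:41:10 vm sshd[6001]: Did not receive identification string from 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Bad protocol version identification '(?P<banner>.*)'"
    r"|Did not receive identification string) from (?P<src>\S+)")

def parse(log, year=2013):
    """Yield (timestamp, source, banner or None) for failed SSH identifications."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["banner"]

def find_mappers(log, window=timedelta(seconds=10), min_events=5, min_banners=3):
    """Flag sources that send many failed identifications with several
    different non-SSH banners inside one time window."""
    by_src = defaultdict(list)
    for ts, src, banner in parse(log):
        by_src[src].append((ts, banner))
    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            banners = {b for _, b in burst if b}
            if len(burst) >= min_events and len(banners) >= min_banners:
                flagged[src] = sorted(banners)
                break
    return flagged

if __name__ == "__main__":
    for src, banners in find_mappers(SAMPLE_LOG).items():
        print(src, banners)
```

Requiring several distinct banners, not just a count of failures, is what separates an application mapper from a port checker or a load-balancer health probe, which produce only "Did not receive identification string".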

See also