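📅  Last modified: 2023-12-03 15:34:58.882000             🧑  Author: Mango
SIGIT is a simple information-gathering toolkit designed to help programmers quickly collect information about a target host and identify its security vulnerabilities. The toolkit relies on many of the tools and techniques available in Kali Linux, including nmap and Metasploit.
SIGIT supports the following features:
Using SIGIT is straightforward. First, install SIGIT on Kali Linux. Then run the following command to collect information about the target host:
sigit -t [target host IP address]
This command performs port scanning, operating system identification, service identification and vulnerability detection. The collected information is printed to the terminal. You can also save it to a file:
sigit -t [target host IP address] -o [output file name]
The following is sample output from SIGIT: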
Sigint - Simple Information Gathering Toolkit
Target: 192.168.0.1
---------------------
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp open domain ISC BIND 9.10.3-P4-Ubuntu
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
3306/tcp open mysql MySQL 5.7.24-0ubuntu0.16.04.1
8080/tcp open http-proxy Squid http proxy 3.5.12
[+] Operating System: Linux 3.13 - 4.4
[+] SSH Version: OpenSSH 7.2p2 Ubuntu 4ubuntu2.8
[+] BIND Version: ISC BIND 9.10.3-P4-Ubuntu
[+] Apache Version: Apache httpd 2.4.18 ((Ubuntu))
[+] Samba Version: Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
[+] MySQL Version: MySQL 5.7.24-0ubuntu0.16.04.1
[+] Squid Proxy Version: Squid http proxy 3.5.12
Vulnerabilities:
------------------
[+] CVE-2016-6662 - MySQL Root to System User Exploit (Linux Only)
The following is a code snippet from SIGIT:
#!/bin/bash

function usage() {
    echo "Usage: sigit -t [target IP] [-o output_file_name]"
    exit 1
}

# Parse command-line arguments
while getopts ":t:o:" opt; do
    case ${opt} in
        t )
            target_ip=$OPTARG
            ;;
        o )
            output_file=$OPTARG
            ;;
        \? )
            usage
            ;;
        : )
            echo "Invalid option: $OPTARG requires an argument" 1>&2
            usage
            ;;
    esac
done

# The target is mandatory
if [ -z "$target_ip" ]; then
    usage
fi

# Operating system name as identified by nmap (-sS and -O require root privileges)
os_name=$(nmap -sS -T4 -O "$target_ip" | grep 'Running' | cut -d ':' -f 2- | sed 's/^ *//')

# Port scan and service identification (-sV adds the VERSION column parsed below)
port_scan=$(nmap -sS -sV -T4 "$target_ip")

# Print the VERSION column (field 4 onward) of the first line for the given port(s).
# The pattern is anchored so that 80 does not also match 8080/tcp.
function service_version() {
    echo "$port_scan" | grep -E "^($1)/tcp" | head -n 1 | awk '{ $1 = $2 = $3 = ""; sub(/^ +/, ""); print }'
}

ssh_version=$(service_version 22)
dns_version=$(service_version 53)
http_version=$(service_version 80)
netbios_version=$(service_version '139|445')
mysql_version=$(service_version 3306)
proxy_version=$(service_version 8080)

# Vulnerability detection
# Note: the mysql_version module reports the MySQL server version; this filter only
# yields results if the module output contains the string VULNERABLE.
vulnerabilities=$(msfconsole -q -x "use auxiliary/scanner/mysql/mysql_version; set rhosts $target_ip; run; exit;" | grep 'VULNERABLE' | awk '{print $2}' | sed 's/(\|)//g')

# Print the report
function print_report() {
    echo "Sigint - Simple Information Gathering Toolkit"
    echo ""
    echo "Target: $target_ip"
    echo "---------------------"
    echo "$port_scan"
    echo ""
    echo "[+] Operating System: $os_name"
    echo "[+] SSH Version: $ssh_version"
    echo "[+] BIND Version: $dns_version"
    echo "[+] Apache Version: $http_version"
    echo "[+] Samba Version: $netbios_version"
    echo "[+] MySQL Version: $mysql_version"
    echo "[+] Squid Proxy Version: $proxy_version"
    echo ""
    echo "Vulnerabilities:"
    echo "------------------"
    for vulnerability in $vulnerabilities
    do
        echo "[+] $vulnerability"
    done
}

print_report

# Write the same report to a file
if [ -n "$output_file" ]
then
    echo ""
    echo "Writing output to file: $output_file"
    echo ""
    print_report > "$output_file"
fi
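
The script above passes the -t value into the nmap command lines and into the msfconsole -x string. As an added example (not part of SIGIT or of the original page), a strict IPv4 check that could run right after argument parsing; is_ipv4 and build_msf_cmd are hypothetical helper names and the sample inputs are constructed.

```bash
#!/bin/bash
# Added example, not SIGIT code. Written in portable sh syntax so it also runs under bash.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    ip=$1
    case $ip in
        # empty, any character other than digits and dots, leading/trailing/double dot
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip    # unquoted on purpose: only digits and dots remain, so no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # at most three digits, numeric value no larger than 255
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the msfconsole -x string from the page's script, but only for a validated
# target, so the value cannot carry extra console commands or nmap options.
build_msf_cmd() {
    is_ipv4 "$1" || return 1
    printf 'use auxiliary/scanner/mysql/mysql_version; set rhosts %s; run; exit;' "$1"
}

# Constructed sample inputs (not from the page)
for candidate in "192.168.0.1" "192.168.0.256" "10.0.0.1; exit" "-oN" "1.2.3.4." "example.test"; do
    if is_ipv4 "$candidate"; then
        echo "accept: $candidate"
    else
        echo "reject: $candidate"
    fi
done
```

In the script, calling `is_ipv4 "$target_ip" || usage` after the getopts loop would stop anything other than a literal IPv4 address from reaching nmap or msfconsole.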