Scanning RDP on non-standard ports?

Discussion in 'Security and Anonymity' started by yohohol, 18 Aug 2023.

  1. yohohol

    yohohol New Member

    Joined:
    9 Jul 2020
    Messages:
    18
    Likes Received:
    0
    Reputations:
    0
    What can I use to scan for RDP servers that have changed their port?
    Preferably console-based, cross-platform software.
     
    1. b3

      b3 Banned

      Joined:
      5 Dec 2004
      Messages:
      2,170
      Likes Received:
      1,155
      Reputations:
      202
      nmap, except you'll probably have to write the script yourself, or pick one of the existing ones: https://nmap.org/nsedoc/scripts/
       
      1. yohohol

        yohohol New Member

        Joined:
        9 Jul 2020
        Messages:
        18
        Likes Received:
        0
        Reputations:
        0
        Do they work?
        Using the redis-brute.nse script, I get a result like this:
        Code:
        Nmap scan report for mx.petersmith.one (23.29.118.19)
        Host is up (0.14s latency).
        Not shown: 991 filtered tcp ports (no-response)
        PORT    STATE SERVICE  VERSION
        22/tcp  open  ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
        25/tcp  open  smtp     Postfix smtpd
        80/tcp  open  http     nginx
        110/tcp open  pop3     Dovecot pop3d
        143/tcp open  imap     Dovecot imapd (Ubuntu)
        443/tcp open  ssl/http nginx
        587/tcp open  smtp     Postfix smtpd
        993/tcp open  imaps?
        995/tcp open  pop3s?
        Service Info: Hosts: -mx.petersmith.one,  mx.petersmith.one; OS: Linux; CPE: cpe:/o:linux:linux_kernel
        
        Nmap scan report for 23-29-118-20.static.hvvc.us (23.29.118.20)
        Host is up (0.14s latency).
        Not shown: 850 closed tcp ports (conn-refused), 145 filtered tcp ports (no-response)
        PORT    STATE SERVICE  VERSION
        22/tcp  open  ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
        80/tcp  open  http     Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
        443/tcp open  ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
        465/tcp open  ssl/smtp
        | fingerprint-strings:
        |   GenericLines:
        |     220 Apache JAMES awesome SMTP Server
        |     5.5.1 Command unrecognized.
        |     5.5.1 Command unrecognized.
        |   GetRequest:
        |     220 Apache JAMES awesome SMTP Server
        |     5.5.1 Command GET unrecognized.
        |     5.5.1 Command unrecognized.
        |   Hello:
        |     220 Apache JAMES awesome SMTP Server
        |     5.5.4 Domain address required: EHLO
        |   Help:
        |     220 Apache JAMES awesome SMTP Server
        |     5.3.3 HELP is not supported
        |   NULL:
        |_    220 Apache JAMES awesome SMTP Server
        993/tcp open  ssl/imap
        | fingerprint-strings:
        |   GenericLines, GetRequest:
        |     * OK JAMES IMAP4rev1 Server james-deployment-5d8f59b79-pldsb is ready.
        |     Unknown command.
        |   NULL:
        |_    * OK JAMES IMAP4rev1 Server james-deployment-5d8f59b79-pldsb is ready.
        2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
        ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
        SF-Port465-TCP:V=7.94%T=SSL%I=7%D=8/19%Time=64E131B7%P=x86_64-pc-linux-gnu
        SF:%r(NULL,26,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n")%r
        SF:(Hello,4F,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n501\x
        SF:205\.5\.4\x20Domain\x20address\x20required:\x20EHLO\r\n")%r(Help,47,"22
        SF:0\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n502\x205\.3\.3\x20
        SF:HELP\x20is\x20not\x20supported\r\n")%r(GenericLines,6A,"220\x20Apache\x
        SF:20JAMES\x20awesome\x20SMTP\x20Server\r\n500\x205\.5\.1\x20Command\x20\x
        SF:20unrecognized\.\r\n500\x205\.5\.1\x20Command\x20\x20unrecognized\.\r\n
        SF:")%r(GetRequest,6D,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server
        SF:\r\n500\x205\.5\.1\x20Command\x20GET\x20unrecognized\.\r\n500\x205\.5\.
        SF:1\x20Command\x20\x20unrecognized\.\r\n");
        ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
        SF-Port993-TCP:V=7.94%T=SSL%I=7%D=8/19%Time=64E131BB%P=x86_64-pc-linux-gnu
        SF:%r(NULL,48,"\*\x20OK\x20JAMES\x20IMAP4rev1\x20Server\x20james-deploymen
        SF:t-5d8f59b79-pldsb\x20is\x20ready\.\r\n")%r(GetRequest,60,"\*\x20OK\x20J
        SF:AMES\x20IMAP4rev1\x20Server\x20james-deployment-5d8f59b79-pldsb\x20is\x
        SF:20ready\.\r\n\*\x20BYE\x20Unknown\x20command\.\r\n")%r(GenericLines,60,
        SF:"\*\x20OK\x20JAMES\x20IMAP4rev1\x20Server\x20james-deployment-5d8f59b79
        SF:-pldsb\x20is\x20ready\.\r\n\*\x20BYE\x20Unknown\x20command\.\r\n");
        Service Info: Host: JAMES; OS: Linux; CPE: cpe:/o:linux:linux_kernel
        
        Though I would have expected it to find hosts with redis enabled.
         
        1. b3

          b3 Banned

          Joined:
          5 Dec 2004
          Messages:
          2,170
          Likes Received:
          1,155
          Reputations:
          202
          Sure, you can plug in a script at random, but it's better to read up on how to use scripts and script arguments properly.