---
Tool name: Amap
Category: Information Gathering
Tags: [kali linux,amap,information gathering,amapcrap]
Created: 2016-10-18 16:52:00
---
0x00 Amap Introduction
======================
Amap was the first next-generation scanning tool written for penetration testers. It attempts to identify applications even when they are running on a port other than their usual one.
Amap can also identify applications whose protocols are not ASCII based: it sends trigger packets and looks up the reply in a list of response strings.
Source: https://www.thc.org/thc-amap/
[Amap Homepage][1] | [Kali Amap Repo][2]
- Author: van Hauser and DJ RevMoon
- License: Other
0x01 Tools included in the Amap package
=======================================
amapcrap - sends random data to a UDP, TCP or SSL port to provoke a response from a silent service
```shell
root@kali:~# amapcrap
amapcrap v5.4 (c) 2011 by van Hauser/THC <vh@thc.org>
Syntax: amapcrap [-S] [-u] [-m 0ab] [-M min,max] [-n connections] [-N delay] [-w delay] [-e] [-v] TARGET PORT
Options:
  -S          use SSL after the TCP connect (not usable with -u)
  -u          use the UDP protocol (default: TCP) (not usable with -c)
  -n connects maximum number of connections (default: unlimited)
  -N delay    delay between connections in ms (default: 0)
  -w delay    delay before closing the port (default: 250)
  -e          do not stop sending when the server responds
  -v          verbose mode
  -m 0ab      send as random junk data: 0 - null bytes, a - letters + spaces, b - binary
  -M min,max  minimum and maximum length of the random junk data
  TARGET PORT target (ip or dns) and port to send the random junk data to
This tool sends random data to a silent port to provoke a response, which can then be used in amap for detection; the result is printed in amap definition format.
Note: by default all modes are active (0: 10%, a: 40%, b: 50%); mode 'a' always sends a line of letters and spaces terminated by a line ending.
Visit our homepage at http://www.thc.org
```
amapcrap usage example
----------------------
```shell
root@kali:~# amapcrap -n 20 -m a 192.168.1.15 80 -v
# Starting AmapCrap on 192.168.1.15 port 80
# Writing a "+" for every 10 connect attempts
# ++
done
```
amap – Application MAPper: a next-generation scanning tool for penetration testers
```shell
root@kali:~# amap
amap v5.4 (c) 2011 by van Hauser <vh@thc.org> www.thc.org/thc-amap
Syntax: amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port] ...]
Modes:
  -A         Map applications: send triggers and analyse responses (default)
  -B         Just grab banners, do not send triggers
  -P         No banner or application stuff - be a (full connect) port scanner
Options:
  -1         Only send triggers to a port until the first identification
  -6         Use IPv6 instead of IPv4
  -b         Print the ASCII banner of responses
  -i FILE    Nmap machine-readable output file to read ports from
  -u         Ports given on the command line are UDP (default is TCP)
  -R         Do NOT identify RPC services
  -H         Do NOT send application triggers marked as potentially harmful
  -U         Do NOT dump unrecognised responses (better for scripting)
  -d         Dump all responses
  -v         Verbose mode, use twice (or more!) for debug output (not recommended :-)
  -q         Do not report closed ports, and do not print them as unidentified
  -o FILE [-m] Write output to file FILE, -m creates machine-readable output
  -c CONS    Number of parallel connections to make (default 32, max 256)
  -C RETRIES Number of reconnects on connect timeouts (see -T) (default 3)
  -T SEC     Connect timeout on connection attempts in seconds (default 5)
  -t SEC     Response wait timeout in seconds (default 5)
  -p PROTO   Only send triggers for this protocol (e.g. ftp)
  TARGET PORT The target address and port(s) to scan (in addition to -i)
amap is a tool to identify the application protocol running on a target port.
Note: this version is NOT compiled with SSL support!
Usage hint: the options "-bqv" are recommended; add "-1" for a fast check.
```
Amap usage examples
-------------------
Scan 192.168.1.15 (port 21 and then port 80 in the runs below), showing the received banner (-b), hiding closed ports (-q), and using verbose output (-v):
```shell
root@kali:~# amap -bqv 192.168.1.15 21
Using trigger file /etc/amap/appdefs.trig ... loaded 30 triggers
Using response file /etc/amap/appdefs.resp ... loaded 346 responses
Using trigger file /etc/amap/appdefs.rpc ... loaded 450 triggers
amap v5.4 (www.thc.org/thc-amap) started at 2016-10-18 14:24:02 - APPLICATION MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on 192.168.1.15 :21/tcp matches ftp - banner: 220---------- Welcome to Pure-FTPd [privsep] ----------\r\n220-You are user number 7 of 5000 allowed.\r\n220-Local time is now 0224. Server port 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this ser
Protocol on 192.168.1.15 :21/tcp matches smtp - banner: 220---------- Welcome to Pure-FTPd [privsep] ----------\r\n220-You are user number 7 of 5000 allowed.\r\n220-Local time is now 0224. Server port 21.\r\n220-This is a private system - No anonymous login\r\n220-IPv6 connections are also welcome on this ser
amap v5.4 finished at 2016-10-18 14:24:02
```
```shell
root@kali:~# amap -bqv 192.168.1.15 80
Using trigger file /etc/amap/appdefs.trig ... loaded 30 triggers
Using response file /etc/amap/appdefs.resp ... loaded 346 responses
Using trigger file /etc/amap/appdefs.rpc ... loaded 450 triggers
amap v5.4 (www.thc.org/thc-amap) started at 2016-10-18 14:25:57 - APPLICATION MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on 192.168.1.15 :80/tcp matches http - banner: HTTP/1.1 400 Bad Request\r\nServer nginx\r\nDate Tue, 18 Oct 2016 182558 GMT\r\nContent-Type text/html\r\nContent-Length 166\r\nConnection close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor="white">\r\n<center><h1>400 Bad
amap v5.4 finished at 2016-10-18 14:25:57
```
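The two runs above show amap's core mechanism: connect, send a trigger, and match the raw reply against a list of response signatures, reporting every signature that matches. That is why port 21 is reported as both ftp and smtp: the Pure-FTPd greeting starts with `220`, which an SMTP greeting does too, so a signature keyed on that prefix cannot tell them apart. The following Python script is an added example, not code from amap or from the original page. It reimplements the trigger/response idea in miniature; the trigger and signature tables, the sample replies, and the `probe`, `map_port`, `match_protocols` and `identify_samples` functions are all constructed for this illustration and are not amap's real definition files (`/etc/amap/appdefs.trig`, `/etc/amap/appdefs.resp`) or its actual output format.

```python
import re
import socket

# Constructed trigger definitions, modelled loosely on amap's appdefs.trig:
# (name, bytes sent after connecting). An empty trigger only reads the
# greeting banner, which is what "amap -B" does.
TRIGGERS = [
    ("banner", b""),
    ("http-get", b"GET / HTTP/1.0\r\n\r\n"),
]

# Constructed response definitions, modelled loosely on amap's appdefs.resp:
# (protocol, regex applied to the raw reply). Every matching entry is
# reported, as amap does, so an ambiguous greeting can be attributed to
# more than one protocol.
RESPONSES = [
    ("ftp",  re.compile(rb"^220[ -].*\r\n")),
    ("smtp", re.compile(rb"^220[ -].*\r\n")),   # SMTP greets with 220 as well
    ("ssh",  re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
]


def match_protocols(reply: bytes) -> list:
    """Return every protocol whose signature matches the reply, in definition order."""
    return [name for name, rx in RESPONSES if rx.search(reply)]


def probe(host: str, port: int, trigger: bytes, timeout: float = 5.0) -> bytes:
    """Connect, send one trigger, and return whatever the service answers (may be empty)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if trigger:
            sock.sendall(trigger)
        try:
            return sock.recv(4096)
        except socket.timeout:
            return b""          # silent service: nothing to match on


def map_port(host: str, port: int) -> dict:
    """Run every trigger against one port; returns {trigger_name: [matching protocols]}."""
    results = {}
    for name, trigger in TRIGGERS:
        try:
            reply = probe(host, port, trigger)
        except OSError:
            continue            # closed or filtered port
        if reply:
            results[name] = match_protocols(reply)
    return results


# Constructed sample replies for an offline run. The first two are cut down
# from the banners shown in the amap output above; the others are made up.
SAMPLE_REPLIES = {
    "pure-ftpd": b"220---------- Welcome to Pure-FTPd [privsep] ----------\r\n"
                 b"220-You are user number 7 of 5000 allowed.\r\n",
    "nginx": b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n",
    "openssh": b"SSH-2.0-OpenSSH_7.3\r\n",
    "silent": b"",
}


def identify_samples() -> dict:
    """Match every constructed sample reply; returns {sample_name: [protocols]}."""
    return {name: match_protocols(reply) for name, reply in SAMPLE_REPLIES.items()}


if __name__ == "__main__":
    for name, protocols in identify_samples().items():
        print(f"{name:10s} -> {protocols or ['unidentified']}")
    # Live use against the lab host from the page, for example:
    # print(map_port("192.168.1.15", 21))
```

Running the script offline prints `['ftp', 'smtp']` for the Pure-FTPd banner, reproducing the double match from the amap run above, `['http']` for the nginx reply, `['ssh']` for the SSH banner and `unidentified` for the silent sample. The practical lesson for defenders is the same as with amap itself: a signature match is evidence, not proof, and when a port on an unexpected number matches several protocols the banner text (amap's `-b`) is what resolves the ambiguity.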
[1]: http://www.thc.org/thc-amap/
[2]: http://git.kali.org/gitweb/?p=packages/amap.git;a=summary