多个厂商memcache端口对外开放(批量检测实例)
简单脚本实现:批量检测存在对外开放memcache的厂商
1.抓乌云厂商域名,抓后使用grep awk把域名提取出来,excel分列功能也可以,略过
#!/bin/bash
for ((i=1;i<24;i++))
do
curl http://www.wooyun.org/corps/page/$i|grep nofollow >> wooyun.txt
done
2.域名解析为IP地址,获取厂商所在的IP段。
#!/bin/bash
while read oneline
do
dig ${oneline}|grep IN|grep A|tail -n 1|awk '{printf $5"\n"}' >> ip.txt
done < wooyun.org.txt
3.批量扫描开放11211的端口的IP
#!/bin/bash
while read oneline
do
nmap -sT -p 11211 ${oneline}/24 >> 11211.txt
done < ip.txt
扫描后的结果如下:
Interesting ports on 220.181.xx.xx: PORT STATE SERVICE 11211/tcp filtered unknown
需要简单处理下,获取open标识的IP
cat 11211.txt |grep -v PORT|tr -t '\n' ','|sed 's/unknown/\n/g'|grep open
注意:脚本中扛n 被乌云转换成扛扛n了
筛选了一些结果如下:
宜搜 118.145.13.3
http://moto.it168.com/ ,,Interesting ports on 219.148.35.195:,11211/tcp open ,,Interesting ports on 219.148.35.196:,11211/tcp open opera.com ,,Interesting ports on s-02-08.opera.com (195.189.143.156):,11211/tcp open ,,Interesting ports on 195.189.143.157:,11211/tcp open ,,Interesting ports on p21-10.opera.com (195.189.143.159):,11211/tcp open ,,Interesting ports on h3.opera.com (195.189.143.164):,11211/tcp open ,,Interesting ports on h4.opera.com (195.189.143.165):,11211/tcp open ,,Interesting ports on h5.opera.com (195.189.143.166):,11211/tcp open ,,Interesting ports on h6.opera.com (195.189.143.167):,11211/tcp open ,,Interesting ports on h8.opera.com (195.189.143.169):,11211/tcp open ,,Interesting ports on h9.opera.com (195.189.143.176):,11211/tcp open ,,Interesting ports on p21-15.opera.com (195.189.143.186):,11211/tcp open ,,Interesting ports on p21-16.opera.com (195.189.143.187):,11211/tcp open newsletter2.51cto.com 118.144.78.44
使用php程序连接:
修复方案:
禁止外网访问缓存服务端口
相关文章
图文推荐
- 文章
- 推荐
- 热门新闻