Step 1: Find out which IP ranges are assigned to a country; to do so, look it up at https://www.ipdeny.com/ipblocks/
- As we can see, https://www.ipdeny.com/ipblocks/data/countries/kp.zone contains only the block 175.45.176.0/22.
This means that 32 bits - 22 = 10 bits are left for hosts, so 2^10 = 1024 IPs are assigned.
Full, detailed nmap scan of the 1024 IPs, including operating system detection
nmap -A -v 175.45.176.0/22 (Note: run with sudo)
The problem we run into here is that the output is very long and exceeds the terminal buffer, so the result would be lost. It is therefore better to save the output to a text file, so let's correct the command:
nmap -A -v 175.45.176.0/22 > resultado.txt (Note: run with sudo)
After 3 hours the scan finishes. I am uploading the file so that you can analyze it and learn; here is the interesting part of the output:
Completed Connect Scan at 14:51, 8653.30s elapsed (18000 total ports)
Initiating Service scan at 14:51
Scanning 37 services on 18 hosts
Completed Service scan at 14:52, 72.44s elapsed (37 services on 18 hosts)
NSE: Script scanning 18 hosts.
Initiating NSE at 14:52
Completed NSE at 14:56, 244.20s elapsed
Initiating NSE at 14:56
Completed NSE at 15:04, 466.18s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.01s elapsed
Nmap scan report for mail1.silibank.net.kp (175.45.176.21)
Host is up (0.48s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
995/tcp open pop3s?
7443/tcp closed oracleas-https
Nmap scan report for 175.45.176.22
Host is up (0.46s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
995/tcp open pop3s?
8888/tcp open sun-answerbook?
Nmap scan report for 175.45.176.68
Host is up (0.47s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
Nmap scan report for 175.45.176.69
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
Nmap scan report for 175.45.176.71
Host is up (0.43s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?
Nmap scan report for 175.45.176.72
Host is up (0.52s latency).
Not shown: 977 closed ports
PORT STATE SERVICE VERSION
13/tcp filtered daytime
80/tcp open http Microsoft IIS httpd 7.5
82/tcp filtered xfer
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open ssl/https?
445/tcp filtered microsoft-ds
555/tcp filtered dsf
593/tcp filtered http-rpc-epmap
722/tcp filtered unknown
1151/tcp filtered unizensus
1433/tcp open ms-sql-s Microsoft SQL Server 2000 8.00.311; RTMa
2710/tcp filtered sso-service
3017/tcp filtered event_listener
3372/tcp filtered msdtc
4444/tcp filtered krb524
4446/tcp filtered n1-fwp
30718/tcp filtered unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open unknown
60020/tcp filtered unknown
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Nmap scan report for 175.45.176.75
Host is up (0.45s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open ssl/http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
Nmap scan report for 175.45.176.76
Host is up (0.46s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?
Nmap scan report for 175.45.176.80
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.18.0
Nmap scan report for 175.45.176.81
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
80/tcp open http nginx 1.18.0
443/tcp open ssl/http nginx 1.18.0
Nmap scan report for 175.45.176.85
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open ssl/http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
Nmap scan report for 175.45.176.91
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.18.0
443/tcp closed https
Nmap scan report for 175.45.177.1
Host is up (0.39s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?
Nmap scan report for 175.45.177.10
Host is up (0.56s latency).
Not shown: 969 filtered ports
PORT STATE SERVICE VERSION
22/tcp closed ssh
23/tcp closed telnet
25/tcp open tcpwrapped
53/tcp closed domain
80/tcp open http nginx 1.18.0
113/tcp closed ident
199/tcp closed smux
256/tcp closed fw1-secureremote
443/tcp open ssl/http nginx 1.18.0
554/tcp closed rtsp
993/tcp closed imaps
1042/tcp closed afrog
1048/tcp closed neod2
1057/tcp closed startron
1999/tcp closed tcp-id-port
2638/tcp closed sybase
3003/tcp closed cgms
3389/tcp closed ms-wbt-server
3551/tcp closed apcupsd
3800/tcp closed pwgpsi
3851/tcp closed spectraport
4126/tcp closed ddrepl
5054/tcp closed rlm-admin
5900/tcp closed vnc
5987/tcp closed wbem-rmi
6789/tcp closed ibm-db2-admin
9666/tcp closed zoomcp
19283/tcp closed keysrvr
27356/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown
Nmap scan report for 175.45.177.11
Host is up (0.54s latency).
Not shown: 948 filtered ports
PORT STATE SERVICE VERSION
23/tcp closed telnet
53/tcp closed domain
80/tcp open http nginx 1.18.0
143/tcp closed imap
199/tcp closed smux
256/tcp closed fw1-secureremote
301/tcp closed unknown
443/tcp open ssl/http nginx 1.18.0
554/tcp closed rtsp
587/tcp closed submission
617/tcp closed sco-dtmgr
993/tcp closed imaps
995/tcp closed pop3s
999/tcp closed garcon
1025/tcp closed NFS-or-IIS
1048/tcp closed neod2
1057/tcp closed startron
1060/tcp closed polestar
1069/tcp closed cognex-insight
1070/tcp closed gmrupdateserv
1247/tcp closed visionpyramid
1972/tcp closed intersys-cache
1984/tcp closed bigbrother
2049/tcp closed nfs
2121/tcp closed ccproxy-ftp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
4003/tcp closed pxc-splr-ft
5560/tcp closed isqlplus
5900/tcp closed vnc
5959/tcp closed unknown
6005/tcp closed X11:5
6059/tcp closed X11:59
6839/tcp closed unknown
7938/tcp closed lgtomapper
8086/tcp closed d-s-n
8088/tcp closed radan-http
8192/tcp closed sophos
8402/tcp closed abarsd
8652/tcp closed unknown
8873/tcp closed dxspider
8888/tcp closed sun-answerbook
9666/tcp closed zoomcp
10000/tcp closed snet-sensor-mgmt
19801/tcp closed unknown
24800/tcp closed unknown
27356/tcp closed unknown
44501/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown
49165/tcp closed unknown
60443/tcp closed unknown
Nmap scan report for 175.45.178.129
Host is up (0.34s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
23/tcp open telnet Cisco router telnetd
25/tcp filtered smtp
139/tcp filtered netbios-ssn
1038/tcp filtered mtqp
1061/tcp filtered kiosk
1077/tcp filtered imgames
1658/tcp filtered sixnetudr
3300/tcp filtered ceph
5087/tcp filtered biotic
6565/tcp filtered unknown
6779/tcp filtered unknown
8045/tcp filtered unknown
8222/tcp filtered unknown
60020/tcp filtered unknown
Service Info: OS: IOS; Device: router; CPE: cpe:/o:cisco:ios
Nmap scan report for 175.45.178.134
Host is up (0.54s latency).
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
139/tcp filtered netbios-ssn
646/tcp filtered ldp
1187/tcp filtered alias
1723/tcp filtered pptp
5550/tcp filtered sdadmind
8001/tcp filtered vcom-tunnel
64680/tcp filtered unknown
Nmap scan report for 175.45.178.138
Host is up (0.39s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
139/tcp filtered netbios-ssn
1028/tcp filtered unknown
1096/tcp filtered cnrprotocol
1840/tcp filtered netopia-vo2
2869/tcp filtered icslap
3168/tcp filtered poweronnud
4005/tcp filtered pxc-pin
9595/tcp filtered pds
10621/tcp filtered unknown
49161/tcp filtered unknown
NSE: Script Post-scanning.
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1024 IP addresses (18 hosts up) scanned in 9665.53 seconds
IPs of the servers with some service or port open:
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with some service or port open:
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 80 open (web servers); the pattern includes /tcp so that other ports or addresses containing 80 do not match:
grep 'open port 80/tcp ' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with port 80 open
grep 'open port 80/tcp ' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 443 open (web servers with SSL)
grep 'open port 443/tcp ' resultado.txt | cut -d' ' -f6 | sort -u
175.45.176.71
175.45.176.72
175.45.176.75
175.45.176.76
175.45.176.81
175.45.176.85
175.45.177.1
175.45.177.10
175.45.177.11
Number of servers with port 443 open (web servers with SSL)
grep 'open port 443/tcp ' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
Here we see that only 9 of the 13 web servers have SSL. To see which ones do not (-x and -F make grep compare whole lines literally, so 175.45.177.1 does not also match 175.45.177.10):
grep 'open port 80/tcp ' resultado.txt | cut -d' ' -f6 | sort -u | grep -vxF -f <(grep 'open port 443/tcp ' resultado.txt | cut -d' ' -f6 | sort -u)
175.45.176.68
175.45.176.69
175.45.176.80
175.45.176.91
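
The same port-80-without-443 comparison can be done on the per-host "Nmap scan report for" blocks instead of the -v "Discovered open port" lines, which is handy when auditing your own scan results for HTTP-only services. This is an added example, not part of the original post; the function names and the sample data (RFC 5737 documentation addresses) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# hosts_with_without WANT LACK [FILE]
# Prints hosts whose report block has WANT/tcp open but not LACK/tcp open.
hosts_with_without() {
  awk -v want="$1/tcp" -v lack="$2/tcp" '
    function emit() {
      if (host != "" && has_want && !has_lack) print host
    }
    /^Nmap scan report for / {
      emit()                      # close the previous host block
      host = $NF                  # "IP" or "(IP)" when a hostname precedes it
      gsub(/[()]/, "", host)
      has_want = 0; has_lack = 0
      next
    }
    # Port rows look like "80/tcp open http ..."; compare whole fields so
    # 8080/tcp, 7443/tcp or an address ending in .80 never match.
    $1 == want && $2 == "open" { has_want = 1 }
    $1 == lack && $2 == "open" { has_lack = 1 }
    END { emit() }
  ' "${3:--}" | sort -u
}

# Constructed sample in nmap normal-output layout (RFC 5737 addresses).
sample_scan() {
  cat <<'EOF'
Nmap scan report for www.example.test (192.0.2.10)
Host is up (0.01s latency).
PORT STATE SERVICE VERSION
80/tcp open http nginx
443/tcp open ssl/http nginx
Nmap scan report for 192.0.2.1
PORT STATE SERVICE VERSION
80/tcp open http nginx
443/tcp closed https
Nmap scan report for 192.0.2.80
PORT STATE SERVICE VERSION
25/tcp open smtp
8080/tcp open http-proxy
Nmap scan report for 192.0.2.11
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
7443/tcp open https-alt
EOF
}

sample_scan | hosts_with_without 80 443
```

To run it against the saved scan: hosts_with_without 80 443 resultado.txt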