If you read ips-zonas-militares, you will understand how the file areas_con_ips.txt (military zones with assigned IPs) is obtained.
We scan the most common ports:
sudo masscan --ports 80,22,443,110,995,143,993,3306,2082,2083,25,2095,2096,2077,2078 --rate 10000 -iL areas_con_ips.txt -oJ masscan_areas_con_ips.json
cat masscan_areas_con_ips.json | grep open
{ "ip": "79.174.36.70", "timestamp": "1734231736", "ports": [ {"port": 443, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 48} ] }
{ "ip": "79.174.36.220", "timestamp": "1734231736", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 48} ] }
mmdblookup --file ../GeoLite2-City.mmdb --ip 79.174.36.70 | grep -oE '[0-9]{1,3}\.[0-9]{6}'
55.687700
37.197100
mmdblookup --file ../GeoLite2-City.mmdb --ip 79.174.36.220 | grep -oE '[0-9]{1,3}\.[0-9]{6}'
55.687700
37.197100
We see that both IPs belong to the same military zone.
We create a file hosts_areas.txt containing those two IPs:
sudo nmap -F -sS -iL hosts_areas.txt -oA nmap_areas_con_hosts_ru
Starting Nmap 7.80 ( https://nmap.org ) at 2024-12-15 04:08 CET
Nmap scan report for 79.174.36.70
Host is up (0.16s latency).
Not shown: 96 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
443/tcp open https
1723/tcp open pptp
Nmap scan report for 79.174.36.220
Host is up (0.17s latency).
Not shown: 95 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
Nmap done: 2 IP addresses (2 hosts up) scanned in 11.98 seconds