  • The difference between active scanning and passive scanning
    2020-10-14 15:38:37

    Web vulnerability scanners

    Web vulnerability scanning works in roughly three stages: page crawling, probe-point discovery, vulnerability detection.
    There are two main kinds of scanner: active scanners and passive scanners.

    Active scanning: you supply a URL, the scanner's crawler module crawls every link, then the scanner mutates and taints the parameters of GET, POST and other requests, replays them, and judges from the response (status code, response size, keywords in the body) whether the request exposes a corresponding vulnerability.

    Passive scanning: while the tester works by hand, a proxy forwards the traffic to the vulnerability scanner, which then runs its detection on that traffic.

    Difference: a passive scanner does no large-scale crawling and does not actively crawl the site's links; instead it collects its test data from traffic, proxies and similar sources.

    Advantage: passive scanning skips the crawling stage, which can greatly reduce testing time.

    Open-source passive scanners: W13Scan, Xray, myscan

    Reference articles

    https://zhuanlan.zhihu.com/p/28115732
    https://cloud.tencent.com/developer/news/175423
    https://www.codenong.com/cs105907150/

  • Active scanning and passive scanning

    2021-12-05 15:08:30
    The difference between active scanning and passive scanning

    Active scanning

    In the scanner you enter the target domain or URL; the crawler module crawls every link, mutates and taints the parameters of GET, POST and other requests, replays them, and then judges from the status code, response size and body keywords of the responses whether the request has a corresponding vulnerability.

    Typical active scanners: AWVS, Nessus

    Xray can also scan actively

    Vulnerability scanning with xray's basic crawler mode. Crawler mode simulates a person clicking through the links on a page and then analyses and scans what it finds; unlike proxy mode, the crawler needs no human involvement and visits pages much faster.

    ./xray_windows_amd64 webscan --basic-crawler http://testphp.vulnweb.com/ --html-output xray-crawler-testphp.html
    

    Rad (full name Radium), a tool derived from Xray, also has active scanning capability. Starting from one URL it radiates out to the whole site; it is a browser-based crawler built specifically for security scanning.

    https://github.com/chaitin/rad
    


    Passive scanning

    Proxy the browser's traffic through the scanner and then run vulnerability detection on it. For example, Xray starts a proxy on 127.0.0.1:7777 and whatever you click in the browser gets scanned.

    .\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output xray-testphp.html
    


    Typical passive scanning tool: Xray

  • Android Wi-Fi active scanning and passive scanning

    2018-12-20 15:59:00

    An introduction to active scanning, passive scanning, and the scanning process for a connected Wi-Fi network

    Reference documents

    《802.11无线网络权威指南》 (the Chinese edition of 802.11 Wireless Networks: The Definitive Guide)

    《80_Y0513_1_QCA_WCN36X0_SOFTWARE_ARCHITECTURE.pdf》 (Qualcomm document)

    Passive scanning

    Passive scanning saves battery power because the station does not need to transmit anything. During a passive scan the station switches through the channels in its channel list one after another and waits quietly for Beacon frames to arrive. Every frame it receives is buffered so that data about the BSS that sent it can be extracted. As it hops between channels, the station records the information carried in the Beacons it hears. Beacons are designed to let a station learn the parameters it needs in order to join a basic service set (BSS) and communicate.

    Active scanning

    In active scanning the station plays a more assertive role. On each channel it sends out a Probe Request frame asking a particular network to respond. Active scanning actively tries to find networks rather than waiting for networks to announce their own presence. A station using active scanning works through the channels in its channel list with the following procedure:

    1. Move to a channel and wait either for an incoming frame or for the ProbeDelay timer to expire. If a frame is received on the channel, the channel is evidently in use and can be probed. The timer prevents an idle channel from stalling the whole procedure; the station does not wait indefinitely for a frame to arrive.

    2. Gain access to the medium using the basic DCF access procedure and send a Probe Request frame.

    3. Wait for at least the minimum channel time (MinChannelTime).

    a. If the medium is not busy, no network is present, so move on to the next channel.

    b. If the medium was busy during MinChannelTime, keep waiting until the maximum channel time (MaxChannelTime) has elapsed, then process any Probe Response frames.

    When a network receives a Probe Request looking for the extended service set it belongs to, it sends a Probe Response frame. To find a friend at a party you might walk around the dance floor shouting their name. (Not very polite, but if you really want to find them there may be no other choice.) If they hear you, they call back; everyone else simply ignores you (hopefully). A Probe Request frame works much the same way, except that a Probe Request can carry the broadcast SSID, in which case every 802.11 network in the area answers with a Probe Response.

    The two cases of a probe request

    With a specific SSID


    With an empty SSID (broadcast)


    Kernel scan logs

    Active scan

    18:49:39.864678  [18:49:39.858008] [00000016B70D009C] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    18:49:39.864704  [18:49:39.858079] [00000016B70D05E4] [VosMC] wlan: [I :PE ] limContinuePostChannelScan: 477:  Mac Addr da:a1:19:53:b9:f8 used in sending ProbeReq number 0, for SSID  on channel: 2
    18:49:39.864726  [18:49:39.858146] [00000016B70D0AEA] [VosMC] wlan: [I :VOS] VPKT [779]: [0000000000000000] Packet allocated, type 0[TX_802_11_MGMT]
    18:49:39.864748  [18:49:39.858193] [00000016B70D0E76] [VosMC] wlan: [IH:WDA] Tx Mgmt Frame Subtype: 4 alloc(0000000000000000) txBdToken = 0
    18:49:39.864770  [18:49:39.858221] [00000016B70D108F] [VosMC] wlan: [I :TL ] TL: using self sta addr to get staidx for spoofed probe req 00:0a:f5:32:b1:50
    18:49:39.864792  [18:49:39.858237] [00000016B70D11BE] [VosMC] wlan: [IL:TL ] WLAN TL: fProtMgmtFrame:0
    18:49:39.864814  [18:49:39.858256] [00000016B70D132A] [VosMC] wlan: [IL:TL ] WLAN TL: Dump TX meta info: txFlags:2, qosEnabled:0, ac:0, isEapol:0, fdisableFrmXlt:1, frmType:0
    18:49:39.864836  [18:49:39.858269] [00000016B70D142E] [VosMC] wlan: [IH:TL ] Serializing WDA TX Start Xmit event
    18:49:39.866943  [18:49:39.858720] [00000016B70D360E] [VosTX] wlan: [I :VOS] VosTXThread: Servicing the VOS TL TX Message queue
    18:49:39.866992  [18:49:39.858916] [00000016B70D44B8] [VosTX] wlan: [I :WDI] WDTS_TxPacketComplete: Management frame Tx complete status: 0
    18:49:39.867015  [18:49:39.858934] [00000016B70D4604] [VosTX] wlan: [I :WDA] Enter:WDA_TxComplete
    18:49:39.867037  [18:49:39.858955] [00000016B70D4795] [VosTX] wlan: [I :VOS] VPKT [1428]: [0000000000000000] Packet returned, type 0[TX_802_11_MGMT]
    18:49:39.867059  [18:49:39.859423] [00000016B70D6AB7] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer MIN CHANNEL TIMEOUT
    18:49:39.867098  [18:49:39.859437] [00000016B70D6BBD] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    18:49:39.867120  [18:49:39.859450] [00000016B70D6CBE] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    18:49:39.867141  [18:49:39.859466] [00000016B70D6DEF] [VosMC] wlan: [I :SYS] Timer MIN CHANNEL TIMEOUT being activated
    18:49:39.867180  [18:49:39.859478] [00000016B70D6EDD] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    18:49:39.867201  [18:49:39.859497] [00000016B70D7048] [VosMC] wlan: [I :SYS] Timer MIN CHANNEL TIMEOUT now activated
    18:49:39.867240  [18:49:39.859509] [00000016B70D7124] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer MAX CHANNEL TIMEOUT
    18:49:39.867279  [18:49:39.859520] [00000016B70D7202] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    18:49:39.867301  [18:49:39.859532] [00000016B70D72E9] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    18:49:39.867323  [18:49:39.859543] [00000016B70D73BF] [VosMC] wlan: [I :SYS] Timer MAX CHANNEL TIMEOUT being activated
    18:49:39.867362  [18:49:39.859554] [00000016B70D748A] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    18:49:39.867405  [18:49:39.859567] [00000016B70D757E] [VosMC] wlan: [I :SYS] Timer MAX CHANNEL TIMEOUT now activated
    18:49:39.867446  [18:49:39.859578] [00000016B70D765B] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer Periodic Probe Request Timer
    18:49:39.867485  [18:49:39.859589] [00000016B70D7731] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    18:49:39.867506  [18:49:39.859601] [00000016B70D7816] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    18:49:39.867528  [18:49:39.859614] [00000016B70D7903] [VosMC] wlan: [I :SYS] Timer Periodic Probe Request Timer being activated     // probe request timer
    18:49:39.867566  [18:49:39.859624] [00000016B70D79C9] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    18:49:39.867587  [18:49:39.859638] [00000016B70D7AD6] [VosMC] wlan: [I :SYS] Timer Periodic Probe Request Timer now activated
    18:49:39.867626  [18:49:39.861202] [00000016B70DF068] [cnss_] wlan: [I :HDD] __wlan_hdd_cfg80211_get_wifi_info: 6759: Rcvd req for FW version FW version is CNSS-PR-4-0-509-158621-1
    18:49:39.867647  [18:49:39.861722] [00000016B70E1739] [swapp] wlan: [I :VOS] TIMER callback: running on MC thread
    18:49:39.867668  [18:49:39.861831] [00000016B70E1F55] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS SYS MC Message queue
    18:49:39.867689  [18:49:39.861850] [00000016B70E20B7] [VosMC] wlan: [I :SYS] Timer Periodic Probe Request Timer triggered           // timeout handling
    18:49:39.867711  [18:49:39.861874] [00000016B70E2291] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    18:49:39.867733  [18:49:39.861917] [00000016B70E25C3] [VosMC] wlan: [I :PE ] limProcessPeriodicProbeReqTimer: 4237: Mac Addr used in Probe Req is :da:a1:19:53:b9:f8
    18:49:39.867755  [18:49:39.861994] [00000016B70E2B8E] [VosMC] wlan: [I :VOS] VPKT [779]: [0000000000000000] Packet allocated, type 0[TX_802_11_MGMT]
    18:49:39.867776  [18:49:39.862042] [00000016B70E2F1F] [VosMC] wlan: [IH:WDA] Tx Mgmt Frame Subtype: 4 alloc(0000000000000000) txBdToken = 0
    18:49:39.867799  [18:49:39.862070] [00000016B70E3141] [VosMC] wlan: [I :TL ] TL: using self sta addr to get staidx for spoofed probe req 00:0a:f5:32:b1:50
    18:49:39.867820  [18:49:39.862086] [00000016B70E3278] [VosMC] wlan: [IL:TL ] WLAN TL: fProtMgmtFrame:0
    18:49:39.867842  [18:49:39.862105] [00000016B70E33DB] [VosMC] wlan: [IL:TL ] WLAN TL: Dump TX meta info: txFlags:2, qosEnabled:0, ac:0, isEapol:0, fdisableFrmXlt:1, frmType:0
    18:49:39.867863  [18:49:39.862118] [00000016B70E34DB] [VosMC] wlan: [IH:TL ] Serializing WDA TX Start Xmit event
    18:49:39.867884  [18:49:39.862200] [00000016B70E3AFD] [VosTX] wlan: [I :VOS] VosTXThread: Servicing the VOS TL TX Message queue
    18:49:39.875713  [18:49:39.862463] [00000016B70E4EBF] [VosTX] wlan: [I :WDI] WDTS_TxPacketComplete: Management frame Tx complete status: 0
    18:49:39.875783  [18:49:39.862521] [00000016B70E5313] [VosTX] wlan: [I :WDA] Enter:WDA_TxComplete
    18:49:39.875807  [18:49:39.862545] [00000016B70E54D5] [VosTX] wlan: [I :VOS] VPKT [1428]: [0000000000000000] Packet returned, type 0[TX_802_11_MGMT]
    18:49:39.875829  [18:49:39.863277] [00000016B70E8BD9] [VosMC] wlan: [I :SYS] Timer Periodic Probe Request Timer being activated
    18:49:39.875868  [18:49:39.863295] [00000016B70E8D1A] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    18:49:39.875890  [18:49:39.863315] [00000016B70E8E94] [VosMC] wlan: [I :SYS] Timer Periodic Probe Request Timer now activated
    18:49:39.875929  [18:49:39.863568] [00000016B70EA19D] [VosRX] wlan: [I :VOS] VPKT [779]: [0000000000000000] Packet allocated, type 3[RX_RAW]
    18:49:39.875951  [18:49:39.864074] [00000016B70EC78E] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    18:49:39.875974  [18:49:39.864119] [00000016B70ECAE9] [VosMC] wlan: [I :PE ] limHandle80211Frames: 821: RX MGMT - Type 0, SubType 5,Seq.no 1927, Source mac-addr a0:04:60:8e:cf:8b
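    The two Probe Request cases above (a specific SSID versus an empty, broadcast SSID) and the frame subtypes in the log (Subtype 4 sent, SubType 5 received), as an added example that is not part of the original post: C code that encodes a Probe Request and decodes the header and SSID element of a management frame, with the bounds checks a capture parser needs before it trusts any length byte. The station address and SSID are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN            6
#define MGMT_HDR_LEN       24  /* FC(2) duration(2) addr1(6) addr2(6) addr3(6) seqctl(2) */
#define FC_TYPE_MGMT       0
#define SUBTYPE_PROBE_REQ  4
#define SUBTYPE_PROBE_RESP 5
#define SUBTYPE_BEACON     8
#define EID_SSID           0
#define EID_SUPP_RATES     1
#define SSID_MAX_LEN       32

static const uint8_t BCAST[MAC_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

/* Subtype names as seen in the driver log ("Tx Mgmt Frame Subtype: 4", "RX MGMT - Type 0, SubType 5"). */
const char *subtype_name(uint8_t st)
{
    return st == SUBTYPE_PROBE_REQ ? "Probe Request" : st == SUBTYPE_PROBE_RESP ? "Probe Response"
         : st == SUBTYPE_BEACON ? "Beacon" : "other";
}

/* Encode a Probe Request. ssid_len == 0 gives the empty (broadcast) SSID element that every
 * network in range answers; otherwise the request names one network. Returns the frame
 * length, or 0 if the SSID is too long or the buffer too small. */
size_t build_probe_request(uint8_t *buf, size_t cap, const uint8_t sa[MAC_LEN],
                           const char *ssid, size_t ssid_len)
{
    static const uint8_t rates[] = { 0x82, 0x84, 0x8b, 0x96 }; /* 1, 2, 5.5, 11 Mb/s */
    if (ssid_len > SSID_MAX_LEN || MGMT_HDR_LEN + 4 + ssid_len + sizeof rates > cap)
        return 0;
    memset(buf, 0, MGMT_HDR_LEN);     /* duration and sequence control left at 0 */
    buf[0] = (uint8_t)((FC_TYPE_MGMT << 2) | (SUBTYPE_PROBE_REQ << 4)); /* 0x40 */
    memcpy(buf + 4, BCAST, MAC_LEN);  /* addr1: destination, broadcast */
    memcpy(buf + 10, sa, MAC_LEN);    /* addr2: source, the scanning station */
    memcpy(buf + 16, BCAST, MAC_LEN); /* addr3: BSSID, wildcard */
    size_t off = MGMT_HDR_LEN;
    buf[off++] = EID_SSID;            /* SSID element: id, length, bytes */
    buf[off++] = (uint8_t)ssid_len;
    memcpy(buf + off, ssid, ssid_len);
    off += ssid_len;
    buf[off++] = EID_SUPP_RATES;      /* Supported Rates element */
    buf[off++] = sizeof rates;
    memcpy(buf + off, rates, sizeof rates);
    return off + sizeof rates;
}

struct mgmt_info {
    uint8_t subtype;
    bool    has_ssid;
    bool    empty_ssid;               /* wildcard in a request, hidden network in a Beacon */
    char    ssid[SSID_MAX_LEN + 1];
};

/* Decode the header and SSID element of a management frame. Rejects non-management
 * frames, short frames and any element whose length runs past the buffer: the check
 * a capture parser must make before trusting a length byte. */
bool parse_mgmt_frame(const uint8_t *buf, size_t len, struct mgmt_info *out)
{
    if (len < MGMT_HDR_LEN || ((buf[0] >> 2) & 0x3) != FC_TYPE_MGMT)
        return false;
    memset(out, 0, sizeof *out);
    out->subtype = buf[0] >> 4;
    size_t off = MGMT_HDR_LEN;
    /* Beacon and Probe Response carry 12 fixed bytes (timestamp, beacon interval,
     * capability) before their elements; a Probe Request does not. */
    if (out->subtype == SUBTYPE_BEACON || out->subtype == SUBTYPE_PROBE_RESP)
        off += 12;
    while (off + 2 <= len) {
        uint8_t id = buf[off], elen = buf[off + 1];
        if (off + 2 + elen > len || (id == EID_SSID && elen > SSID_MAX_LEN))
            return false;             /* truncated or oversized element */
        if (id == EID_SSID && !out->has_ssid) {
            memcpy(out->ssid, buf + off + 2, elen);
            out->has_ssid = true;
            out->empty_ssid = (elen == 0);
        }
        off += 2 + elen;
    }
    return out->has_ssid;
}

int main(void)
{
    const uint8_t sta[MAC_LEN] = { 0x02, 0, 0, 0, 0, 1 };  /* constructed station address */
    const char *ssids[] = { "", "CorpNet" };               /* broadcast, then a named network */
    uint8_t frame[64];
    struct mgmt_info info;
    for (int i = 0; i < 2; i++) {
        size_t n = build_probe_request(frame, sizeof frame, sta, ssids[i], strlen(ssids[i]));
        if (n && parse_mgmt_frame(frame, n, &info))
            printf("%zu bytes: %s, SSID %s\n", n, subtype_name(info.subtype),
                   info.empty_ssid ? "<empty/broadcast>" : info.ssid);
    }
    return 0;
}
```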

    Passive scan

    13:51:17.028054  [13:51:16.916323] [0000000114D926EF] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    13:51:17.028076  [13:51:16.916373] [0000000114D92AC0] [VosMC] wlan: [I :PE ] limContinueChannelScan: 1390: Current Channel to be scanned is 64
    13:51:17.028099  [13:51:16.916372] [0000000114D92AB3] [cnss_] wlan: [I :HDD] __wlan_hdd_cfg80211_get_wifi_info: 6759: Rcvd req for FW version FW version is CNSS-PR-4-0-509-158621-1
    13:51:17.028122  [13:51:16.916407] [0000000114D92D3D] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS WDA MC Message queue
    13:51:17.028144  [13:51:16.916423] [0000000114D92E71] [VosMC] wlan: [IL:WDA] =========> WDA_McProcessMsg msgType: 1037 
    13:51:17.029844  [13:51:16.916450] [0000000114D93077] [VosMC] wlan: [I :WDA] ------> WDA_ProcessStartScanReq 
    13:51:17.029880  [13:51:16.916557] [0000000114D9387D] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    13:51:17.029903  [13:51:16.923382] [0000000114DB38AE] [swapp] wlan: [I :VOS] TIMER callback: running on MC thread
    13:51:17.029926  [13:51:16.923894] [0000000114DB5ECB] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS SYS MC Message queue
    13:51:17.029971  [13:51:16.923929] [0000000114DB6168] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    13:51:17.029996  [13:51:16.927976] [0000000114DC9127] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    13:51:17.030018  [13:51:16.928019] [0000000114DC9431] [VosMC] wlan: [I :WDA] <------ WDA_StartScanReqCallback 
    13:51:17.030040  [13:51:16.928112] [0000000114DC9B29] [VosMC] wlan: [IH:VOS] vos_list_remove_front: list empty
    13:51:17.030062  [13:51:16.928147] [0000000114DC9DC0] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    13:51:17.030085  [13:51:16.928207] [0000000114DCA240] [VosMC] wlan: [I :PE ] limContinuePostChannelScan: 575: START PASSIVE Scan chan 64
    13:51:17.030107  [13:51:16.928220] [0000000114DCA339] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer MAX CHANNEL TIMEOUT
    13:51:17.030148  [13:51:16.928232] [0000000114DCA41D] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    13:51:17.030170  [13:51:16.928244] [0000000114DCA50A] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    13:51:17.030193  [13:51:16.928261] [0000000114DCA65A] [VosMC] wlan: [I :SYS] Timer MAX CHANNEL TIMEOUT being activated
    13:51:17.030233  [13:51:16.928273] [0000000114DCA73C] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    13:51:17.030256  [13:51:16.928295] [0000000114DCA8DF] [VosMC] wlan: [I :SYS] Timer MAX CHANNEL TIMEOUT now activated
    13:51:17.030296  [13:51:16.973733] [0000000114E9F8F8] [swapp] wlan: [I :VOS] TIMER callback: running on MC thread
    13:51:17.030318  [13:51:16.974113] [0000000114EA154D] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS SYS MC Message queue
    13:51:17.030341  [13:51:16.974148] [0000000114EA17D1] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    13:51:17.061520  [13:51:17.024632] [0000000114F8E270] [swapp] wlan: [I :VOS] TIMER callback: running on MC thread
    13:51:17.061598  [13:51:17.024869] [0000000114F8F3E7] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS SYS MC Message queue
    13:51:17.061623  [13:51:17.024903] [0000000114F8F67C] [VosMC] wlan: [IH:VOS] Timer Addr inside voss_start : 0x0000000000000000 
    13:51:17.061647  [13:51:17.026933] [0000000114F98F03] [cnss_] wlan: [I :HDD] __wlan_hdd_cfg80211_get_wifi_info: 6759: Rcvd req for FW version FW version is CNSS-PR-4-0-509-158621-1
    13:51:17.061671  [13:51:17.033122] [0000000114FB5F31] [swapp] wlan: [I :VOS] TIMER callback: running on MC thread
    13:51:17.061694  [13:51:17.033292] [0000000114FB6BA3] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS SYS MC Message queue
    13:51:17.061716  [13:51:17.033311] [0000000114FB6D0E] [VosMC] wlan: [I :SYS] Timer MAX CHANNEL TIMEOUT triggered
    13:51:17.061739  [13:51:17.033337] [0000000114FB6F05] [VosMC] wlan: [I :VOS] VosMCThread: Servicing the VOS PE MC Message queue
    13:51:17.061762  [13:51:17.033368] [0000000114FB714E] [VosMC] wlan: [I :PE ] limProcessMaxChannelTimeout: 4127: Scanning : Max channel timed out
    13:51:17.061784  [13:51:17.033382] [0000000114FB7262] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer MAX CHANNEL TIMEOUT
    13:51:17.061825  [13:51:17.033399] [0000000114FB73AE] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    13:51:17.061846  [13:51:17.033412] [0000000114FB749F] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    13:51:17.061869  [13:51:17.033427] [0000000114FB75C9] [VosMC] wlan: [I :SYS] tx_timer_deactivate() called for timer Periodic Probe Request Timer
    13:51:17.061909  [13:51:17.033438] [0000000114FB769F] [VosMC] wlan: [IH:VOS] vos_timer_stop: Timer Addr inside voss_stop : 0x0000000000000000
    13:51:17.061931  [13:51:17.033450] [0000000114FB7783] [VosMC] wlan: [IH:VOS] vos_timer_stop: Cannot stop timer in state = 19
    13:51:17.061955  [13:51:17.033468] [0000000114FB78D4] [VosMC] wlan: [W :PE ] limProcessMaxChannelTimeout: 4154: Sending End Scan req from MAX_CH_TIMEOUT in state 2 on ch-64

    Kernel code analysis

    Driver module initialisation function
    vendor\qcom\opensource\wlan\prima\CORE\HDD\src\wlan_hdd_main.c
        static int hdd_driver_init( void)
    
    vendor\qcom\opensource\wlan\qcacld-2.0\CORE\HDD\src\wlan_hdd_main.c
    int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc)
        status = vos_open( &pVosContext, 0);
    
    vendor\qcom\opensource\wlan\prima\CORE\VOSS\src\vos_api.c
        VOS_STATUS vos_open( v_CONTEXT_t *pVosContext, void *devHandle )
    
    This is where the threads are started
    vendor\qcom\opensource\wlan\prima\CORE\VOSS\src\vos_sched.c
    VOS_STATUS
    vos_sched_open()
    {
        // Create the thread
        //Create the VOSS Main Controller thread
        pSchedContext->McThread = kthread_create(VosMCThread, pSchedContext,
                                               "VosMCThread");
    }
                                               
    // Thread function
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMlmReqMessages.c
    static int
    VosMCThread
    (
      void * Arg
    )
    {
    
      set_user_nice(current, -2);
    
      while(!shutdown)
      {
        // This implements the execution model algorithm
        retWaitStatus = wait_event_interruptible(pSchedContext->mcWaitQueue,
           test_bit(MC_POST_EVENT, &pSchedContext->mcEventFlag) ||
           test_bit(MC_SUSPEND_EVENT, &pSchedContext->mcEventFlag));
    
        if(retWaitStatus == -ERESTARTSYS)
        {
          VOS_TRACE(VOS_MODULE_ID_VOSS, VOS_TRACE_LEVEL_ERROR,
             "%s: wait_event_interruptible returned -ERESTARTSYS", __func__);
          break;
        }
        clear_bit(MC_POST_EVENT, &pSchedContext->mcEventFlag);
        // Loop
        while(1)
        {
          // Check if MC needs to shutdown
          if(test_bit(MC_SHUTDOWN_EVENT, &pSchedContext->mcEventFlag))
          {
            VOS_TRACE(VOS_MODULE_ID_VOSS, VOS_TRACE_LEVEL_INFO,
                    "%s: MC thread signaled to shutdown", __func__);
            shutdown = VOS_TRUE;
            /* Check for any Suspend Indication */
            if (test_and_clear_bit(MC_SUSPEND_EVENT,
                                   &pSchedContext->mcEventFlag))
            {
               /* Unblock anyone waiting on suspend */
               complete(&pHddCtx->mc_sus_event_var);
            }
            break;
          }
     
            // The various messages are handled inside the while loop
            vStatus = WDA_McProcessMsg( pSchedContext->pVContext, pMsgWrapper->pVosMsg);
            
    
    vendor\qcom\opensource\wlan\prima\CORE\WDA\src\wlan_qct_wda.c
    VOS_STATUS WDA_McProcessMsg( v_CONTEXT_t pVosContext, vos_msg_t *pMsg )
    {
       /* Process all the WDA messages.. */
       switch( pMsg->type )
       {
            // Scan initialisation
          case WDA_INIT_SCAN_REQ:
          {
             WDA_ProcessInitScanReq(pWDA, (tInitScanParams *)pMsg->bodyptr) ;
             break ;    
          }
          /* start SCAN request from PE */
          case WDA_START_SCAN_REQ:              // scan
          {
             WDA_ProcessStartScanReq(pWDA, (tStartScanParams *)pMsg->bodyptr) ;
             break ;    
          }
          
          
    // Start-scan request
    vendor\qcom\opensource\wlan\prima\CORE\WDA\src\wlan_qct_wda.c
    VOS_STATUS  WDA_ProcessStartScanReq(tWDA_CbContext *pWDA, 
                                               tStartScanParams *startScanParams)
    {
    
       // Start the scan, passing WDA_StartScanReqCallback as the callback function.
       status = WDI_StartScanReq(wdiStartScanParams, 
                                  WDA_StartScanReqCallback, pWdaParams) ;
       /* failure returned by WDI API */
       if(IS_WDI_STATUS_FAILURE(status))
       {
          VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_ERROR,
                         "Failure in Start Scan WDI API, free all the memory "
                         "It should be due to previous abort scan." );
          vos_mem_free(pWdaParams->wdaWdiApiMsgParam);
          vos_mem_free(pWdaParams) ;
          startScanParams->status = eSIR_FAILURE ;
          WDA_SendMsg(pWDA, WDA_START_SCAN_RSP, (void *)startScanParams, 0) ;       
       }
       return CONVERT_WDI2VOS_STATUS(status) ;
    }
    
    vendor\qcom\opensource\wlan\prima\CORE\WDA\src\wlan_qct_wda.c
    void WDA_StartScanReqCallback(WDI_StartScanRspParamsType *pScanRsp, 
                                                        void* pUserData)
    {
       // Send the WDA_START_SCAN_RSP message
       /* assign status to scan params */
       pWDA_ScanParam->status = pScanRsp->wdiStatus ;
       /* send SCAN RSP message back to PE */
       WDA_SendMsg(pWDA, WDA_START_SCAN_RSP, (void *)pWDA_ScanParam, 0) ;               
       return ;
    }
    
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMessageQueue.c
    void
    limProcessMessages(tpAniSirGlobal pMac, tpSirMsgQ  limMsg)
    {
         case SIR_LIM_UPDATE_BEACON:
                limUpdateBeacon(pMac);      // update beacon
                break;
         case WDA_INIT_SCAN_RSP:
                limProcessInitScanRsp(pMac, limMsg->bodyptr);
                limMsg->bodyptr = NULL;
                break;
         case WDA_START_SCAN_RSP:               // handle the message
                limProcessStartScanRsp(pMac, limMsg->bodyptr);
                limMsg->bodyptr = NULL;
                break;
    
                
    // Beacon handling function.
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limUtils.c
    
                
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMlmRspMessages.c
    void limProcessStartScanRsp(tpAniSirGlobal pMac,  void *body)
    {
        tpStartScanParams       pStartScanParam;
        eHalStatus              status;
        SET_LIM_PROCESS_DEFD_MESGS(pMac, true);
        pStartScanParam = (tpStartScanParams) body;
        status = pStartScanParam->status;
    #if defined WLAN_FEATURE_VOWIFI
        //HAL fills in the tx power used for mgmt frames in this field.
        //Store this value to use in TPC report IE.
        rrmCacheMgmtTxPower( pMac, pStartScanParam->txMgmtPower, NULL );
        //Store start TSF of scan start. This will be stored in BSS params.
        rrmUpdateStartTSF( pMac, pStartScanParam->startTSF );
    #endif
        vos_mem_free(body);
        body = NULL;
        if( pMac->lim.abortScan )
        {
            limLog( pMac, LOGW, FL(" finish scan") );
            pMac->lim.abortScan = 0;
            limDeactivateAndChangeTimer(pMac, eLIM_MIN_CHANNEL_TIMER);
            limDeactivateAndChangeTimer(pMac, eLIM_MAX_CHANNEL_TIMER);
            //Set the resume channel to Any valid channel (invalid). 
            //This will instruct HAL to set it to any previous valid channel.
            peSetResumeChannel(pMac, 0, 0);
            limSendHalFinishScanReq(pMac, eLIM_HAL_FINISH_SCAN_WAIT_STATE);
        }
        switch(pMac->lim.gLimHalScanState)
        {
            case eLIM_HAL_START_SCAN_WAIT_STATE:
                if (status != (tANI_U32) eHAL_STATUS_SUCCESS)
                {
                   PELOGW(limLog(pMac, LOGW, FL("StartScanRsp with failed status= %d"), status);)
                   //
                   // FIXME - With this, LIM will try and recover state, but
                   // eWNI_SME_SCAN_CNF maybe reporting an incorrect
                   // status back to the SME
                   //
                   //Set the resume channel to Any valid channel (invalid). 
                   //This will instruct HAL to set it to any previous valid channel.
                   peSetResumeChannel(pMac, 0, 0);
                   limSendHalFinishScanReq( pMac, eLIM_HAL_FINISH_SCAN_WAIT_STATE );
                   //limCompleteMlmScan(pMac, eSIR_SME_HAL_SCAN_INIT_FAILED);
                }
                else
                {
                   pMac->lim.gLimHalScanState = eLIM_HAL_SCANNING_STATE;
                   limContinuePostChannelScan(pMac);                        // scan
                }
                break;
            default:
                limLog(pMac, LOGW, FL("Rcvd StartScanRsp not in WAIT State, state %d"),
                         pMac->lim.gLimHalScanState);
                break;
        }
        return;
    }
    
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMlmReqMessages.c
    void limContinuePostChannelScan(tpAniSirGlobal pMac)
    {
    // Start scanning
           do
            {
                tSirMacAddr         gSelfMacAddr;
    
                /* Send self MAC as src address if
                 * MAC spoof is not enabled OR
                 * spoofMacAddr is all 0 OR
                 * disableP2PMacSpoof is enabled and scan is P2P scan
                 * else use the spoofMac as src address
                 */
                if ((pMac->lim.isSpoofingEnabled != TRUE) ||
                    (TRUE ==
                    vos_is_macaddr_zero((v_MACADDR_t *)&pMac->lim.spoofMacAddr)) ||
                    (pMac->roam.configParam.disableP2PMacSpoofing &&
                    pMac->lim.gpLimMlmScanReq->p2pSearch)) {
                    vos_mem_copy(gSelfMacAddr, pMac->lim.gSelfMacAddr, VOS_MAC_ADDRESS_LEN);
                } else {
                    vos_mem_copy(gSelfMacAddr, pMac->lim.spoofMacAddr, VOS_MAC_ADDRESS_LEN);
                }
                limLog(pMac, LOG1,
                     FL(" Mac Addr "MAC_ADDRESS_STR " used in sending ProbeReq number %d, for SSID %s on channel: %d"),
                          MAC_ADDR_ARRAY(gSelfMacAddr) ,i, pMac->lim.gpLimMlmScanReq->ssId[i].ssId, channelNum);
                // include additional IE if there is
    // Send the probe request frame: active scan
                status = limSendProbeReqMgmtFrame( pMac, &pMac->lim.gpLimMlmScanReq->ssId[i],
                   pMac->lim.gpLimMlmScanReq->bssId, channelNum, gSelfMacAddr,
                   pMac->lim.gpLimMlmScanReq->dot11mode,
                   pMac->lim.gpLimMlmScanReq->uIEFieldLen,
                   (tANI_U8 *)(pMac->lim.gpLimMlmScanReq)+pMac->lim.gpLimMlmScanReq->uIEFieldOffset);
                
                if ( status != eSIR_SUCCESS)
                {
                    PELOGE(limLog(pMac, LOGE, FL("send ProbeReq failed for SSID %s on channel: %d"),
                                                    pMac->lim.gpLimMlmScanReq->ssId[i].ssId, channelNum);)
                    limDeactivateAndChangeTimer(pMac, eLIM_MIN_CHANNEL_TIMER);
                    limSendHalEndScanReq(pMac, channelNum, eLIM_HAL_END_SCAN_WAIT_STATE);
                    return;
                }
                i++;
            } while (i < pMac->lim.gpLimMlmScanReq->numSsid);
       else
        {
            tANI_U32 val;
    // Passive scan
            limLog(pMac, LOG1, FL("START PASSIVE Scan chan %d"), channelNum);               
    
            /// Passive Scanning. Activate maxChannelTimer
            if (tx_timer_deactivate(&pMac->lim.limTimers.gLimMaxChannelTimer)               // timer: maximum dwell time on the channel
                                          != TX_SUCCESS)
            {
                // Could not deactivate max channel timer.
                // Log error
                limLog(pMac, LOGE, FL("Unable to deactivate max channel timer"));
                limSendHalEndScanReq(pMac, channelNum,
                                     eLIM_HAL_END_SCAN_WAIT_STATE);
            }
            else
            {
                if (pMac->miracast_mode)
                {
                    val = DEFAULT_MIN_CHAN_TIME_DURING_MIRACAST +
                        DEFAULT_MAX_CHAN_TIME_DURING_MIRACAST;
                }
                else if (wlan_cfgGetInt(pMac, WNI_CFG_PASSIVE_MAXIMUM_CHANNEL_TIME,
                              &val) != eSIR_SUCCESS)
                {
                    /**
                     * Could not get max channel value
                     * from CFG. Log error.
                     */
                    limLog(pMac, LOGE,
                     FL("could not retrieve passive max chan value, Use Def val"));
                    val= WNI_CFG_PASSIVE_MAXIMUM_CHANNEL_TIME_STADEF;
                }
    
                val = SYS_MS_TO_TICKS(val);
                // Reconfigure the timer
                if (tx_timer_change(&pMac->lim.limTimers.gLimMaxChannelTimer,       
                            val, 0) != TX_SUCCESS)
                {
                    // Could not change max channel timer.
                    // Log error
                    limLog(pMac, LOGE, FL("Unable to change max channel timer"));
                    limDeactivateAndChangeTimer(pMac, eLIM_MAX_CHANNEL_TIMER);
                    limSendHalEndScanReq(pMac, channelNum,
                                      eLIM_HAL_END_SCAN_WAIT_STATE);
                    return;
                }
                else if (tx_timer_activate(&pMac->lim.limTimers.gLimMaxChannelTimer)
                                                                      != TX_SUCCESS)
                {
    
                    limLog(pMac, LOGE, FL("could not start max channel timer"));
                    limDeactivateAndChangeTimer(pMac, eLIM_MAX_CHANNEL_TIMER);
                    limSendHalEndScanReq(pMac, channelNum,
                                     eLIM_HAL_END_SCAN_WAIT_STATE);
                    return;
                }
            }
            // Wait for Beacons to arrive
        } // if (pMac->lim.gLimMlmScanReq->scanType == eSIR_ACTIVE_SCAN)
    
        limAddScanChannelInfo(pMac, channelNum);
        return;
    }
    
    Where the probe request is built
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limSendManagementFrames.c
    
    Timer-stop handling function
    vendor\qcom\opensource\wlan\prima\CORE\SYS\legacy\src\platform\src\VossWrapper.c
    
    Timeout handling functions; as the code shows, many timeouts are handled by the same function
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMessageQueue.c
    void
    limProcessMessages(tpAniSirGlobal pMac, tpSirMsgQ  limMsg)
            case SIR_LIM_MIN_CHANNEL_TIMEOUT:
            case SIR_LIM_MAX_CHANNEL_TIMEOUT:
            case SIR_LIM_PERIODIC_PROBE_REQ_TIMEOUT:
            case SIR_LIM_JOIN_FAIL_TIMEOUT:
            case SIR_LIM_PERIODIC_JOIN_PROBE_REQ_TIMEOUT:
            case SIR_LIM_AUTH_FAIL_TIMEOUT:
            case SIR_LIM_AUTH_RSP_TIMEOUT:
            case SIR_LIM_ASSOC_FAIL_TIMEOUT:
            case SIR_LIM_REASSOC_FAIL_TIMEOUT:
    #ifdef WLAN_FEATURE_VOWIFI_11R
            case SIR_LIM_FT_PREAUTH_RSP_TIMEOUT:
    #endif
            case SIR_LIM_REMAIN_CHN_TIMEOUT:
            case SIR_LIM_INSERT_SINGLESHOT_NOA_TIMEOUT:
            case SIR_LIM_DISASSOC_ACK_TIMEOUT:
            case SIR_LIM_DEAUTH_ACK_TIMEOUT:
            case SIR_LIM_CONVERT_ACTIVE_CHANNEL_TO_PASSIVE:
            case SIR_LIM_AUTH_RETRY_TIMEOUT:
            case SIR_LIM_SAP_ECSA_TIMEOUT:
    #ifdef WLAN_FEATURE_LFR_MBB
            case SIR_LIM_PREAUTH_MBB_RSP_TIMEOUT:
            case SIR_LIM_REASSOC_MBB_RSP_TIMEOUT:
    #endif
                // These timeout messages are handled by MLM sub module
    
                limProcessMlmReqMessages(pMac,
                                         limMsg);
    
                break;
    }
    
    Handling of the different messages
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMlmReqMessages.c
    void
    limProcessMlmReqMessages(tpAniSirGlobal pMac, tpSirMsgQ Msg)
    {
        switch (Msg->type)
        {
            case LIM_MLM_START_REQ:             limProcessMlmStartReq(pMac, Msg->bodyptr);   break;
            case LIM_MLM_SCAN_REQ:              limProcessMlmScanReq(pMac, Msg->bodyptr);    break;
    #ifdef FEATURE_OEM_DATA_SUPPORT
            case LIM_MLM_OEM_DATA_REQ: limProcessMlmOemDataReq(pMac, Msg->bodyptr); break;
    #endif
            case LIM_MLM_JOIN_REQ:              limProcessMlmJoinReq(pMac, Msg->bodyptr);    break;
            case LIM_MLM_AUTH_REQ:              limProcessMlmAuthReq(pMac, Msg->bodyptr);    break;
            case LIM_MLM_ASSOC_REQ:             limProcessMlmAssocReq(pMac, Msg->bodyptr);   break;
            // Reassociation timeout
            case LIM_MLM_REASSOC_REQ:           limProcessMlmReassocReq(pMac, Msg->bodyptr); break;
            // Disassociation request
            case LIM_MLM_DISASSOC_REQ:          limProcessMlmDisassocReq(pMac, Msg->bodyptr);  break;
            case LIM_MLM_DEAUTH_REQ:            limProcessMlmDeauthReq(pMac, Msg->bodyptr);  break;
            case LIM_MLM_SETKEYS_REQ:           limProcessMlmSetKeysReq(pMac, Msg->bodyptr);  break;
            case LIM_MLM_REMOVEKEY_REQ:         limProcessMlmRemoveKeyReq(pMac, Msg->bodyptr); break;
            case SIR_LIM_MIN_CHANNEL_TIMEOUT:   limProcessMinChannelTimeout(pMac);  break;
            // timeout handling
            case SIR_LIM_MAX_CHANNEL_TIMEOUT:   limProcessMaxChannelTimeout(pMac);  break;
            case SIR_LIM_PERIODIC_PROBE_REQ_TIMEOUT:
                                   limProcessPeriodicProbeReqTimer(pMac);  break;
            case SIR_LIM_JOIN_FAIL_TIMEOUT:     limProcessJoinFailureTimeout(pMac);  break;
            case SIR_LIM_PERIODIC_JOIN_PROBE_REQ_TIMEOUT:
                                                limProcessPeriodicJoinProbeReqTimer(pMac); break;
            case SIR_LIM_AUTH_FAIL_TIMEOUT:     limProcessAuthFailureTimeout(pMac);  break;
            case SIR_LIM_AUTH_RSP_TIMEOUT:      limProcessAuthRspTimeout(pMac, Msg->bodyval);  break;
            case SIR_LIM_ASSOC_FAIL_TIMEOUT:    limProcessAssocFailureTimeout(pMac, Msg->bodyval);  break;
    #ifdef WLAN_FEATURE_VOWIFI_11R
            case SIR_LIM_FT_PREAUTH_RSP_TIMEOUT:limProcessFTPreauthRspTimeout(pMac); break;
    #endif
    #ifdef WLAN_FEATURE_LFR_MBB
            case SIR_LIM_PREAUTH_MBB_RSP_TIMEOUT:
                 lim_process_preauth_mbb_rsp_timeout(pMac);
                 break;
            case SIR_LIM_REASSOC_MBB_RSP_TIMEOUT:
                 lim_process_reassoc_mbb_rsp_timeout(pMac);
                 break;
    #endif
            case SIR_LIM_REMAIN_CHN_TIMEOUT:    limProcessRemainOnChnTimeout(pMac); break;
            case SIR_LIM_INSERT_SINGLESHOT_NOA_TIMEOUT:   
                                                limProcessInsertSingleShotNOATimeout(pMac); break;
            case SIR_LIM_CONVERT_ACTIVE_CHANNEL_TO_PASSIVE:
                                                limConvertActiveChannelToPassiveChannel(pMac); break;
            case SIR_LIM_AUTH_RETRY_TIMEOUT:
                                                limProcessAuthRetryTimer(pMac);
                                                break;
            case SIR_LIM_DISASSOC_ACK_TIMEOUT:  limProcessDisassocAckTimeout(pMac); break;
            case SIR_LIM_DEAUTH_ACK_TIMEOUT:    limProcessDeauthAckTimeout(pMac); break;
            case SIR_LIM_SAP_ECSA_TIMEOUT:      lim_process_ap_ecsa_timeout(pMac);break;
            case LIM_MLM_ADDBA_REQ:             limProcessMlmAddBAReq( pMac, Msg->bodyptr ); break;
            case LIM_MLM_ADDBA_RSP:             limProcessMlmAddBARsp( pMac, Msg->bodyptr ); break;
            case LIM_MLM_DELBA_REQ:             limProcessMlmDelBAReq( pMac, Msg->bodyptr ); break;
            case LIM_MLM_TSPEC_REQ:                 
            default:
                break;
        } // switch (msgType)
    } /*** end limProcessMlmReqMessages() ***/
    
    
    vendor\qcom\opensource\wlan\prima\CORE\MAC\src\pe\lim\limProcessMlmReqMessages.c
    The timeout handler
    static void
    limProcessMaxChannelTimeout(tpAniSirGlobal pMac)
    {
        tANI_U8 channelNum;
    
        /*do not process if we are in finish scan wait state i.e.
         scan is aborted or finished*/
        if ((pMac->lim.gLimMlmState == eLIM_MLM_WT_PROBE_RESP_STATE ||
            pMac->lim.gLimMlmState == eLIM_MLM_PASSIVE_SCAN_STATE) &&
            pMac->lim.gLimHalScanState != eLIM_HAL_FINISH_SCAN_WAIT_STATE)
        {
            limLog(pMac, LOG1, FL("Scanning : Max channel timed out"));         // log that the max-channel timer expired
            /**
             * MAX channel timer timed out
             * Continue channel scan.
             */
            limDeactivateAndChangeTimer(pMac, eLIM_MAX_CHANNEL_TIMER);
            limDeactivateAndChangeTimer(pMac, eLIM_PERIODIC_PROBE_REQ_TIMER);
            pMac->lim.limTimers.gLimPeriodicProbeReqTimer.sessionId = 0xff;
            pMac->lim.probeCounter = 0;
    
            if (pMac->lim.gLimCurrentScanChannelId <=
                    (tANI_U32)(pMac->lim.gpLimMlmScanReq->channelList.numChannels - 1))
            {
                channelNum = limGetCurrentScanChannel(pMac);
            }
            else
            {
                if(pMac->lim.gpLimMlmScanReq->channelList.channelNumber)
                {
                    channelNum = pMac->lim.gpLimMlmScanReq->channelList.channelNumber[pMac->lim.gpLimMlmScanReq->channelList.numChannels - 1];
                }
                else
                {
                   channelNum = 1;
                }
            }
            limLog(pMac, LOGW,
               FL("Sending End Scan req from MAX_CH_TIMEOUT in state %d on ch-%d"),     // kernel log
               pMac->lim.gLimMlmState,channelNum);
            limSendHalEndScanReq(pMac, channelNum, eLIM_HAL_END_SCAN_WAIT_STATE);       // ask the HAL to end the scan on this channel
        }
        else
        {
            /**
             * MAX channel timer should not have timed out
             * in states other than wait_scan.
             * Log error.
             */
            limLog(pMac, LOGW,
               FL("received unexpected MAX channel timeout in mlme state %d and hal scan state %d"),
               pMac->lim.gLimMlmState, pMac->lim.gLimHalScanState);
            limPrintMlmState(pMac, LOGW, pMac->lim.gLimMlmState);
        }
    } /*** limProcessMaxChannelTimeout() ***/
  • I looked through a lot of material online, and it was all much the same: no code for actively scanning nearby Wi-Fi, only code that passively reads what the computer had already scanned, which is far too stale. So I dug into it myself, and sure enough wlanapi.dll has a matching method~
  • Lab 1: Network scanning and network reconnaissance. Objective: understand the role of network scanning and reconnaissance; by setting up a network penetration-testing platform, become familiar with common search engines and scanning tools, and lay the groundwork for later penetration work through information gathering. System environment: Kali Linux 2, ...

    1. Use Google or Baidu to search the MIT website for PDF documents whose filename contains "network security"; screenshot the results page.
    Search syntax: inurl:<file format> <file name> :<domain>
    First look at the MIT site to find its domain, which is mit.edu.
    Then open one of the results at random.

    2. Where is the girl in the photo travelling?
    Screenshot the address information you find.
    Searching for letrentehuit shows it is a shop in Paris, France, whose sign reads Le Trentehuit; then look it up on Baidu Maps.

    3. Mobile phone geolocation. Using the LAC (Location Area Code) and the CID (Cell Identity, a 16-bit base-station number in the range 0 to 65535) one can look up the location of the base station the phone is attached to, and so roughly determine the phone user's position.
    Obtain your own phone's LAC and CID:

    Once you have the phone's LAC and CID, the vbskit tool can be used to look up the base station.

    4. Encoding and decoding
    Decode Z29vZCBnb29kIHN0dWR5IQ==. Screenshot it.

    5. Address information
    5.1 An Ethernet frame captured on the internal network has source MAC address 98-CA-33-02-27-B5 and destination IP address 202.193.64.34. Answer: what brand of device is the user using, and which website are they visiting? Attach screenshots.

    An online lookup shows the device is made by Apple; searching the IP address then identifies the website.

    5.2 Visit https://whatismyipaddress.com to get your MyIP information, and use ipconfig (Windows) or ifconfig (Linux) to view the local IP address. Are the two values the same? If not, explain why.

    They differ. The website reports 113.13.36.225, the public IP address, i.e. the address we expose to the Internet.
    192.168.31.204 is an internal IP address belonging to the LAN; external connections cannot reach the internal network directly, so what the website sees is the public IP.

    6. Using NMAP
    6.1 Use NMAP to scan the open ports of Metasploitable2 (the VM image must be downloaded). Attach screenshots. Name the services offered on four of the ports and, after consulting references, briefly describe what each service does.

    First run host discovery with nmap -sn to find the target's IP, then run port discovery against the target.

    6.2 Use NMAP to detect Metasploitable2's operating system type; attach screenshots.
    Linux system
    6.3 Use NMAP to brute-force the DVWA login username and password on Metasploitable2

    Cracked successfully
    6.4 Research the vulnerability exploited by the EternalBlue / WannaCry worm.

    The worm collects a list of IP addresses on the LAN through a remote server and its own crawler, then attacks several service ports among them, including RPC (port 135), SQL Server (port 1433) and FTP (port 21); it also uses the "EternalBlue" vulnerability to break in through port 445 and compromise the machine.

    Because it targets several common ports that enterprises cannot easily close, and exploits the "EternalBlue" vulnerability that is widely left unpatched on LAN machines, once any one machine is infected every machine on the LAN is at risk, which poses a particularly serious threat to government and enterprise users.

    If it succeeds in breaching or attacking a port, it downloads the virus code from a remote server and then spreads laterally to other machines on the LAN. It also leaves a backdoor on the infected machine in preparation for further malicious activity; it cannot be ruled out that more dangerous payloads, such as ransomware, will be pushed to users' machines later.

    7. Use ZoomEye to find a Siemens industrial control device and describe the security problems it may have.
    ZoomEye shows the ports the server has open, which could be exploited.

    8. Simple data recovery and forensics with WinHex
    8.1 elephant.jpg no longer opens; repair it with WinHex and describe the repair process.

    Just change the file header to the JPG header FFD8FF.
    8.2 The gloom behind the smile: what hidden information does the image smile contain?
    Tom is a killer
    8.3 Try using data-recovery software to recover files that were deleted from your USB drive.
    Copy the elephant-trunk-hill image and the smile image above to the USB drive, delete them, then recover them with the software.

    9. Lab summary

    A single photo is enough to work out where a place is. Then there is the data-recovery software: as far as I know, files deleted from a USB drive are removed directly without passing through the recycle bin, yet the recovery software can still restore them, which is amazing. I got a sense of how novel this course is, and I need to study it more deeply.

  • Between last year and this year, tools such as fofa2xray appeared that call the fofa API and combine it with xray's passive scanning to hunt for vulnerabilities. I spent some time setting up the environment, but after confirming the API call had succeeded I found no data came back, as shown. Conclusion: perhaps only the developer's script...
  • What nmap can do needs no introduction; it is the top tool in the field of active probing, and it is not hard to use. Recently I have also found some programs that put a GUI on nmap, as well as some browser/server web front ends, and, to scan faster, by...
  • The concepts of passive scanning and active scanning

    Read 1,000+ times, 2019-06-17 23:00:27
    Passive and active scanning: gathering information about a target. 1. Passive scanning. Characteristic: information gathering carried out without the target being able to notice it. Sometimes we need to black-box test a website and are given only a domain name; from that domain we can...
  • To implement a Wi-Fi probe module I had a quick look at the various 802.11 frames and at how some frames are sent... Here is a detailed description of active and passive scanning in 802.11. Active and passive scanning are described from the phone's perspective: to discover APs the phone must scan, and through scanning it obtains...
  • BLE host active scanning and passive scanning

    Read 1,000+ times, 2017-07-19 11:57:59
    1. Purpose ... The difference between active and passive scanning is that active scanning obtains both advertising data and scan-response data, whereas passive scanning obtains only advertising data and no scan-response data. 3. Platform: protocol stack version SDK10.0.0; build software keil 5.
  • Active scanning and passive scanning

    Read 10,000+ times, 2017-08-29 15:37:04
    Earlier, to implement a Wi-Fi probe module, I had a quick look at the various 802.11 frames and a rough understanding of how often and how some frames are sent, but none of it in much detail. ... Active and passive scanning are described from the phone's perspective: to discover APs the phone must scan, and through scanning
  • E-government: active-scanning electronically controlled remote aiming and firing system.zip
  • USB Threat Defender active virus-scanning software is the ultimate USB anti-virus solution; its unique combination of proactive and definition-based scanning unlocks a new level of security fortress. Download it and try it out. Software introduction: USB Threat Defender active virus-scanning software is not just another...
  • nmap is a network port scanner used to scan the open ports of computers on a network, determine which services run on which ports, and infer which operating system the computer runs. Wireshark is a network packet analyser; the function of a packet analyser is to capture network packets, ...
  • 4. Active scanning with Kali Linux 2

    Read 1,000+ times, 2022-02-14 23:51:20
    Active scanning: compared with passive scanning, the scope of active scanning is much narrower. Active scanning generally sends specially crafted packets to the target and then derives information from the target's response. That information mainly covers whether the target host is online, whether a given port on it is open, the target host's...
  • 51822 --- host active scanning and passive scanning

    Read 10,000+ times, 2016-05-18 17:09:30
    1. Purpose ... The difference between active and passive scanning is that active scanning obtains both advertising data and scan-response data, whereas passive scanning obtains only advertising data and no scan-response data. 3. Platform: protocol stack version SDK10.0.0; build software keil 5.12
  • 1. After a passive scan finishes, export the passive-scan report; it can be exported as XML or HTML, and here we produce HTML, OK! 2. Active scan: the scanning procedure is the same as above, just select Activity Scan
  • Contents: command entry point nl80211_trigger_scan(), struct cfg80211_scan_request, mac80211... These notes record how the Linux kernel wireless subsystem handles the active-scan command. Command entry point: in nl80211, the netlink command for active scanning is defined as follows: static st
  • Batch automated scanning with Xray. Usage: 1. put the URLs to be scanned in target.txt, one per line, as shown; 2. add the folder containing Xray to the system's environment variables; 3. then run pppXray.py. Screenshots of a run: About: 2021/2/20 update, added command-line arguments and custom xray...
  • Compared with passive scanning, active scanning has a much narrower scope. It generally starts by sending specially crafted packets to the target and then derives information from the target's response, mainly whether the target device is online, whether a given port on it is open, the operating system the target device uses...
  • In terms of speed, nmap cannot match masscan and zmap. I have not looked at how masscan works in detail, but from the traffic it emits it behaves much like mirai, that is, it sends large numbers of SYN packets directly and then collects the replies. On masscan's GitHub page you can...
  • Active scanning series (1): basic use of nmap. Active scanning series (2): scanning hosts and ports with masscan/zmap. 0. Introduction. The previous articles introduced the basics of nmap; scanning a server is now no trouble at all: identifying ports, identifying...
  • Active and passive scanning are implemented so far. The active-scan module uses a curated wordlist. The passive-scan module analyses every request that passes through Burp Suite and records it if it is a JS file; common JS libraries are excluded and only custom JS is analysed, which finds targets effectively. Custom JS files found by the scan are automatically added...
  • How does Android 9 actively scan to obtain the Wi-Fi list?

    Read 1,000+ times, 2019-08-25 17:15:26
    My graduate research is on indoor positioning, and earlier I wrote an Android app that scans at intervals to obtain the Wi-Fi list. The main problem I ran into was that after a startScan the Wi-Fi list did not update immediately; several experiments showed it updates only about every 2 seconds, and I did not find a better solution at the time. ...
  • Information gathering: active information gathering, port scanning. 2 Port scanning 2.1 UDP port scanning 2.1.1 SCAPY 2.1.2 NMAP 2.2 TCP port scanning 2.2.1 Zombie (idle) scan 2.2.2 Stealth scan 2.2.2.1 SCAPY 2.2.2.2 NMAP 2.2.2.3 hping 2.2.3 Full-connect scan 2.2.3.1 SCAPY 2.2....
  • [Common tools] Scanning with BurpSuite

    Read 10,000+ times, 2022-01-19 10:58:22
    1. Understand the tool's packet-capture and scanning functions. 2. Understand the difference between active and passive scanning. 3. Master the contents of request and response messages.
  • Active information scanning

    Read 1,000+ times, 2021-12-09 21:30:08
    1. Active information gathering with Kali. 1.1 Probing based on the ping command. Tip: after the article is written, the table of contents can be generated automatically; see the help document on the right. Contents: 1. What is the ping command 2. Using the ping command 1. Determine whether a host is alive 2....
