Preface
By inspecting the reply packets, we can tell whether a port is being filtered by a firewall.
There are roughly four cases, which the script below distinguishes.
Of course, the result carries some margin of error.
1. scapy
Based on these four cases, we can write a script:
fw_detect.py
#!/usr/bin/env python3
import logging
import sys

from scapy.all import IP, TCP, sr1

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

if len(sys.argv) != 3:
    print("Example: ./fw_detect.py 10.0.0.5 443")
    sys.exit(1)

ip = sys.argv[1]
port = int(sys.argv[2])

# Send a bare ACK and a bare SYN to the same port and compare the two replies.
ACK_response = sr1(IP(dst=ip)/TCP(dport=port, flags='A'), timeout=1, verbose=0)
SYN_response = sr1(IP(dst=ip)/TCP(dport=port, flags='S'), timeout=1, verbose=0)

if ACK_response is None and SYN_response is None:
    # Neither probe was answered: dropped by a stateless filter, or the host is down.
    print("Port is either unstatefully filtered or host is down")
elif ACK_response is None or SYN_response is None:
    # Exactly one probe was answered: a stateful filter passed the SYN
    # but dropped the unsolicited ACK (or the other way round).
    print("Stateful filtering in place")
elif not SYN_response.haslayer(TCP):
    # The SYN was answered with something other than TCP (e.g. ICMP unreachable).
    print("Unable to determine if the port is filtered")
elif int(SYN_response[TCP].flags) == 18:
    # 18 = 0x12 = SYN/ACK
    print("Port is unfiltered and open")
elif int(SYN_response[TCP].flags) == 20:
    # 20 = 0x14 = RST/ACK
    print("Port is unfiltered and closed")
else:
    print("Unable to determine if the port is filtered")
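The decision logic of the script depends on two magic numbers (18 and 20) and on the pattern of which probe was answered. The following is an added example, not code from the original post: it isolates that classification into a pure function that runs offline on constructed replies, decodes the flag integers into flag names so the numbers are no longer opaque, and goes one step beyond the script's four cases by treating an ICMP destination-unreachable reply (type 3, commonly code 13, "administratively prohibited") as an explicit reject by a filter rather than an undetermined result. The `Reply` tuple shape and the verdict strings are this example's own assumptions, not scapy types.

```python
from typing import Optional, Tuple

# TCP flag bits, in the same layout as the TCP header and scapy's TCP.flags.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

# A reply is None (timeout), ("tcp", flags) or ("icmp", type, code).
# This shape is constructed for the example so it runs without scapy.
Reply = Optional[Tuple]


def flag_names(flags: int) -> str:
    """Decode an integer flag field, e.g. 18 -> 'SYN/ACK', 20 -> 'RST/ACK'."""
    names = [name for name, bit in TCP_FLAGS.items() if flags & bit]
    return "/".join(names) if names else "none"


def classify(ack_reply: Reply, syn_reply: Reply) -> str:
    """Map the (ACK-probe reply, SYN-probe reply) pair to a verdict."""
    if ack_reply is None and syn_reply is None:
        # Nothing came back at all: stateless drop, or the host is down.
        return "unstateful filter or host down"
    if ack_reply is None or syn_reply is None:
        # Only one probe was answered: a stateful filter is tracking connections.
        return "stateful filtering"
    if syn_reply[0] == "icmp":
        # Extension beyond the script: ICMP type 3 is a reject from a router or
        # firewall, not a port state, so report it as filtered.
        if syn_reply[1] == 3:
            return "filtered (ICMP unreachable code %d)" % syn_reply[2]
        return "undetermined (ICMP type %d)" % syn_reply[1]
    flags = syn_reply[1]
    if flags & TCP_FLAGS["SYN"] and flags & TCP_FLAGS["ACK"]:
        return "unfiltered, open (%s)" % flag_names(flags)
    if flags & TCP_FLAGS["RST"]:
        # RST with or without ACK: the host itself answered, so the port is closed.
        return "unfiltered, closed (%s)" % flag_names(flags)
    return "undetermined (%s)" % flag_names(flags)


if __name__ == "__main__":
    # Constructed sample reply pairs, one per verdict. A bare ACK to an
    # unfiltered host is normally answered with RST (flags == 4).
    samples = [
        (None, None),
        (None, ("tcp", 18)),
        (("tcp", 4), ("tcp", 18)),
        (("tcp", 4), ("tcp", 20)),
        (("tcp", 4), ("icmp", 3, 13)),
    ]
    for ack, syn in samples:
        print(ack, syn, "->", classify(ack, syn))
```

Keeping the classification separate from the packet I/O makes the verdict table easy to review and to regression-test when a new reply pattern turns up; the script itself then only needs to convert each scapy answer into the tuple shape above.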
2. Load balancer detection
lbd www.baidu.com  # simple
3. WAF detection
Web application firewalls
are now based on machine learning,
so the author has not verified how well the following commands work;
hard to say.
wafw00f -l  # wafw00f is the most commonly used WAF scanner
wafw00f http://www.mcrosoft.com
nmap www.mcrosoft.com --script=http-waf-detect.nse  # nmap really is powerful, with scripts for everything
Closing remarks
Firewalls change quickly,
so one has to keep up with the times.