介绍一套给网管使用的安全检查工具

介绍一套给网管使用的安全检查工具，可检查下列漏洞：

Web Checks - 126 Checks

***********************

Web service is running

Misc Evaluate web service software

Misc MS Proxy Server

Misc Remote IIS administration

Misc Oracle owa_util package

Execute Commands msadc

Execute Commands campas

Execute Commands jj

Execute Commands formmail

Execute Commands formmail.pl

Execute Commands faxsurvey

Execute Commands get32.exe

Execute Commands alibaba.pl

Execute Commands tst.bat

Execute Commands phf

Execute Commands webdist.cgi

Execute Commands aglimpse.cgi

Execute Commands echo.bat

Execute Commands hello.bat

Execute Commands loadpage.cgi

Execute Commands Oracle Bat files

View files iissamples/issamples/query.idq

View files iissamples/issamples/fastq.idq

View files iissamples/exair/search/search.idq

View files iissamples/exair/search/query.idq

View files prxdocs/misc/prxrch.idq

View files iissamples/issamples/oop/qfullhit.htw

View files iissamples/issamples/oop/qsumrhit.htw

View files scripts/samples/search/qfullhit.htw

View files scripts/samples/search/qsumrhit.htw

View files Webhits

View files scripts/samples/search/author.idq

View files scripts/samples/search/filesize.idq

View files scripts/samples/search/filetime.idq

View files scripts/samples/search/query.idq

View files scripts/samples/search/queryhit.idq

View files scripts/samples/search/simple.idq

View files scripts/samples/search/filesize.idq

View files scripts/samples/search/filetime.idq

View files scripts/samples/search/query.idq

View files scripts/samples/search/queryhit.idq

View files scripts/samples/search/simple.idq

View files scripts/samples/search/qfullhit.htw

View files scripts/samples/search/qsumrhit.htw

View files scripts/samples/search/webhits.exe

View files iissamples/exair/howitworks/codebrws.asp

View files msadc/samples/selector/showcode.asp

View files scripts/rguest.exe

View files cgi-bin/rguest.exe

View files scripts/wguest.exe

View files cgi-bin/wguest.exe

View files Search admin webhits.exe

View files view-source

View files ~root

View files ~ftp

View files FormHandler.cgi

View files AltaVista query

View files search.cgi (EZSHOPPER)

View files htsearch

View files sojourn.cgi

View files windmail

Information cfcache.map

Information idc reveals physical paths

Information bdir.htr

Information server-info

Information server-status

Information robots.txt

Information cgi-bin/enivron.pl

Information scripts/environ.pl

Information testcgi

Information test-cgi

Information test.cgi

Information cgitest.exe

Information nph-test-cgi

Information mkilog.exe

Information mkplog.exe

Information cgi-bin/htimage.exe

Information scripts/htimage.exe

Information names.nsf

Information catalog.nsf

Information log.nsf

Information domlog.nsf

Information domcfg.nsf

Information doctodep.btr

FrontPage administrators.pwd

FrontPage authors.pwd

FrontPage users.pwd

FrontPage service.pwd

FrontPage IIS Account shtml.dll

Directory Listing cgi-bin

Directory Listing scripts

Directory Listing Netscape PageService

Shell check cgi-bin/sh

Shell check cgi-bin/csh

Shell check cgi-bin/ksh

Shell check cgi-bin/tcsh

Shell check cgi-bin/cmd.exe

Shell check scripts/cmd.exe

Perl cgi-bin/cmd32.exe

Perl scripts/cmd32.exe

Perl cgi-bin/perl.exe

Perl scripts/perl.exe

Perl Errors reveal info

Create file newdsn.exe

BUffer overrun fpcount.exe

Buffer Overrun count.cgi

Predictable SessionID rightfax

Search iissamples/issamples/query.asp

Search iissamples/exair/search/advsearch.asp

Search samples/search/queryhit.htm

Search Netscape

Password Attacks iisadmpwd/aexp3.htr

HTTP Methods allowed to root directory

HTTP Methods allowed to /users

HTTP Methods allowed to /cgi-bin

HTTP Methods allowed to /scripts

Create file in /users directory

Create file in /cgi-bin directory

Create file in / directory

Create file in /scripts directory

File Upload repost.asp

File Upload cgi-win/uploader.exe

View Source Netscape append space

View Source shtml.dll

View Source ::$DATA

Configuration .htaccess

SMTP Service - 21 Checks

************************

SMTP service is running

Service software enumeration

EXPN command allowed

VRFY command allowed

VERB command allowed

Mail relaying allowed'

Win2k SMTP IIS Service Buffer Overrun

SLMail Buffer Overrun

Exchange Service Packs

Sendmail Wizard

Sendmail debug

Sendmail piped aliases

Mail to programs

Mail from bounce check

Sendmail 8.6.9 IDENT vulnerability

Sendmail 8.6.11 DoS vulnerability

Sendmail 8.7.5 GECOS buffer overrun vulnerability

Sendmail 8.8.0 MIME buffer overrun vulnerability

Sendmail 8.8.3 MIME buffer overrun vulnerability

Decode alias check

Mail forgery

FTP Checks - 7 Checks

*********************

FTP daemon is running

Service Software enumeration

IIS 4 DoS

Anonymous logins allowed

Hidden /c directory found

Uploads allowed to /c

Uploads allowed to root

Portmapper - 2 Checks

*********************

Portmapper is listening

Dump RPC Services running

POP3 Checks - 3 Checks

**********************

POP3 Daemon is running

Service software enumeration

QPOP buffer overrun

MS SQL Server Checks - 19 Checks

********************************

MS SQL Server is running

sa login has no password

Dump logins from master database

login has a blank password

login's password is same as login name

Dump databases

guest account is enabled on database

Dump logins with access to database

Audit database roles in database

Audit members of server-wide sysadmin role

Audit members of server-wide securityadmin role

Audit members of server-wide setupadmin role

Audit members of server-wide serveradmin role

Audit members of server-wide diskadmin role

Audit members of server-wide processadmin role

Audit members of server-wide dbcreator role

Check if SQL Authentication is allowed

Check if Mixed Mode Authentication is allowed

Check if NT Authentication is allowed

NT Accounts - 8 Checks

********************

Enumnerate Account Name

User Full name

User Comment

User Privs

User Last logon

User Last password change

Account has a blank password

Account has password same as userID

NT Shares - 3 Checks

********************

Share Name

Share Type

Null session connection

NT Groups - 2 Checks

********************

Enumerate group names

Enumerate and list members

• ·老夫子12——神机妙算|报价￥8.40|图书,
• ·朱德庸作品-绝对小孩|报价￥16.30|图书,
• ·酷头哈妹2|报价￥9.50|图书,动漫与幽默,
• ·酷头哈妹1|报价￥9.50|图书,动漫与幽默,
• ·逃离恐怖岛12-屠龙勇者(32开)|报价￥9.
• ·酷头哈妹2|报价￥5.70|图书,动漫与幽默,
• ·得到了代理服务器地址该如何使用
• ·酷头哈妹1|报价￥5.70|图书,动漫与幽默,
• ·老夫子（1-10）|报价￥52.80|图书,动
• ·WinNT&Win2K下实现进程的完全隐藏