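Flan Scan is a vulnerability scanner released by Cloudflare. It uses Docker to build its environment, then runs Nmap with the vulners.nse script to scan hosts for vulnerabilities.
Install the required components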
yum install texlive-* docker -y
Install Flan
git clone https://github.com/cloudflare/flan.git
cd flan
# Edit shared/ips.txt and add the IPs to scan
make build
make start # start the scan
The report can be found at shared/reports/report_2019.11.22-06.50.tex
You can run pdflatex shared/reports/report_2019.11.22-06.50.tex to produce a better-looking PDF
The scan process
docker run --name flan_1574406264 -v /var/www/vhosts/default/htdocs/flan/shared:/shared flan_scan
# Nmap 7.70 scan initiated Fri Nov 22 07:04:26 2019 as: nmap -sV -oX /shared/xml_files/2019.11.22-07.04/33.33.33.33.xml -oN - -v1 --script=vulners/vulners.nse 33.33.33.33
Nmap scan report for 33.33.33.33
Host is up (0.0060s latency).
Not shown: 983 closed ports
PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        ProFTPD
22/tcp   open  ssh        OpenSSH 7.4 (protocol 2.0)
| vulners:
|   cpe:/a:openbsd:openssh:7.4:
|       CVE-2018-15919  5.0  https://vulners.com/cve/CVE-2018-15919
|_      CVE-2017-15906  5.0  https://vulners.com/cve/CVE-2017-15906
25/tcp   open  smtp       Postfix smtpd
53/tcp   open  domain     (unknown banner: none)
| fingerprint-strings:
|   DNSVersionBindReqTCP:
|     version
|     bind
|_    none
80/tcp   open  http       nginx
|_http-server-header: nginx
106/tcp  open  pop3pw     poppassd
110/tcp  open  pop3       Dovecot pop3d
111/tcp  open  rpcbind    2-4 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|_  100000  2,3,4        111/udp  rpcbind
143/tcp  open  imap       Dovecot imapd
443/tcp  open  ssl/http   nginx
|_http-server-header: nginx
465/tcp  open  ssl/smtp   Postfix smtpd
993/tcp  open  ssl/imap   Dovecot imapd
995/tcp  open  ssl/pop3   Dovecot pop3d
2000/tcp open  tcpwrapped
3306/tcp open  mysql      MySQL 5.5.5-10.2.29-MariaDB
| vulners:
|   MySQL 5.5.5-10.2.29-MariaDB:
|_      NODEJS:602  0.0  https://vulners.com/nodejs/NODEJS:602
5060/tcp open  tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.70%I=7%D=11/22%Time=5DD78887%P=x86_64-alpine-linux-musl%
SF:r(DNSVersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07ver
SF:sion\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc
SF:0\x0c\0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
Service Info: Hosts: 33.33.33.33, cross.dev, cross.dev; OS: Unix

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Nov 22 07:04:47 2019 -- 1 IP address (1 host up) scanned in 21.13 seconds
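To triage the vulners results in the scan output above, the following added example (not part of the original post and not Flan's own code) parses the Nmap normal-format output and separates scored CVE findings from entries that need manual verification, such as the NODEJS:602 entry with score 0.0 reported against the MariaDB service. The function names and the 4.0 CVSS threshold are assumptions; the sample is an excerpt of the output shown above.

```python
import re

# Excerpt of the -oN output shown above (only the lines the parser needs).
SAMPLE = """\
21/tcp   open  ftp        ProFTPD
22/tcp   open  ssh        OpenSSH 7.4 (protocol 2.0)
| vulners:
|   cpe:/a:openbsd:openssh:7.4:
|       CVE-2018-15919  5.0  https://vulners.com/cve/CVE-2018-15919
|_      CVE-2017-15906  5.0  https://vulners.com/cve/CVE-2017-15906
80/tcp   open  http       nginx
|_http-server-header: nginx
3306/tcp open  mysql      MySQL 5.5.5-10.2.29-MariaDB
| vulners:
|   MySQL 5.5.5-10.2.29-MariaDB:
|_      NODEJS:602  0.0  https://vulners.com/nodejs/NODEJS:602
"""

# "22/tcp open ssh OpenSSH 7.4 ..." -> port, protocol, service, version banner
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# "|   CVE-2018-15919  5.0  https://vulners.com/..." -> id, score, reference URL
VULN_RE = re.compile(
    r"^\|[_ ]?\s+(\S+)\s+(\d+(?:\.\d+)?)\s+(https://vulners\.com/\S+)\s*$")

def parse_vulners(text):
    """Return one dict per vulners entry, tagged with the port it belongs to."""
    findings, current = [], None
    for line in text.splitlines():
        port = PORT_RE.match(line)
        if port:
            current = {"port": int(port.group(1)), "proto": port.group(2),
                       "service": port.group(3), "version": port.group(4).strip()}
            continue
        vuln = VULN_RE.match(line)
        if vuln and current:
            findings.append({**current, "id": vuln.group(1),
                             "cvss": float(vuln.group(2)), "url": vuln.group(3)})
    return findings

def triage(findings, min_cvss=4.0):
    """Split into (actionable CVEs at or above min_cvss, entries to verify by hand)."""
    actionable = [f for f in findings
                  if f["id"].startswith("CVE-") and f["cvss"] >= min_cvss]
    review = [f for f in findings if f not in actionable]
    return actionable, review

if __name__ == "__main__":
    actionable, review = triage(parse_vulners(SAMPLE))
    for f in actionable:
        print(f"{f['port']}/{f['proto']} {f['version']}: {f['id']} (CVSS {f['cvss']})")
    for f in review:
        print(f"verify manually: {f['port']}/{f['proto']} {f['id']} (CVSS {f['cvss']})")
```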
The generated PDF report