     一、  Continue to jot down notes about the Nmap

    1、nmap -sn   [ip]   This command will send an ARP request to the LAN broadcast address and will determine whether the host is live

        eg:   we use the command to gathering system information  (as follow ,it's mine  windows7 system)  ,in addition  we combination  of linux and others system are  used ,I have written about install kali and Ubuntu 、Metasploitable2  system on my previous blog .you can refer the installing on the  Vmware . and then fire start the ubuntu system and use the same command to gathering information .

      the step one :   gathering win7 system

      Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 20:48 EST
    Nmap scan report for
    Host is up (0.82s latency).
    Not shown: 986 closed ports
    PORT     STATE    SERVICE          VERSION
    135/tcp  open     msrpc            Microsoft Windows RPC
    139/tcp  open     netbios-ssn      Microsoft Windows netbios-ssn
    443/tcp  open     ssl/https
    | fingerprint-strings:
    |   FourOhFourRequest:
    |     HTTP/1.1 404 Not Found
    |     Date: Fri, 18 Jan 2019 01:48:39 GMT
    |     Connection: close
    |     Content-Type: text/plain; charset=utf-8
    |     X-Frame-Options: DENY
    |     Content-Length: 0
    |   GetRequest:
    |     HTTP/1.1 403 Forbidden
    |     Date: Fri, 18 Jan 2019 01:48:39 GMT
    |     Connection: close
    |     Content-Type: text/plain; charset=utf-8
    |     X-Frame-Options: DENY
    |     Content-Length: 0
    |   HTTPOptions:
    |     HTTP/1.1 501 Not Implemented
    |     Date: Fri, 18 Jan 2019 01:48:39 GMT
    |     Connection: close
    |     Content-Type: text/plain; charset=utf-8
    |     X-Frame-Options: DENY
    |     Content-Length: 0
    |   RTSPRequest:
    |     HTTP/1.1 400 Bad Request
    |     Date: Fri, 18 Jan 2019 01:48:49 GMT
    |     Connection: close
    |     Content-Type: text/html
    |     Content-Length: 50
    |     <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
    |   SIPOptions:
    |     HTTP/1.1 400 Bad Request
    |     Date: Fri, 18 Jan 2019 01:49:52 GMT
    |     Connection: close
    |     Content-Type: text/html
    |     Content-Length: 50
    |_    <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
    |_http-title: Site doesn't have a title (text/plain; charset=utf-8).
    | ssl-cert: Subject: commonName=VMware/countryName=US
    | Not valid before: 2017-10-09T12:32:16
    |_Not valid after:  2018-10-09T12:32:16
    |_ssl-date: TLS randomness does not represent time
    | vmware-version:
    |   Server version: VMware Workstation 14.1.1
    |   Build: 7528167
    |   Locale version: INTL  
    |   OS type: win32-x86
    |_  Product Line ID: ws
    445/tcp  open     microsoft-ds     Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WorkGroup)
    514/tcp  filtered shell
    902/tcp  open     ssl/vmware-auth  VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
    912/tcp  open     vmware-auth      VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
    1025/tcp open     msrpc            Microsoft Windows RPC
    1026/tcp open     msrpc            Microsoft Windows RPC
    1027/tcp open     msrpc            Microsoft Windows RPC
    1033/tcp open     msrpc            Microsoft Windows RPC
    1055/tcp open     msrpc            Microsoft Windows RPC
    5357/tcp open     http             Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
    |_http-server-header: Microsoft-HTTPAPI/2.0
    |_http-title: Service Unavailable
    8082/tcp open     blackice-alerts?
    | fingerprint-strings:
    |   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, RTSPRequest, SIPOptions:
    |     HTTP/1.1 400 Error
    |     Server: QQ/1.0.0 (Tencent)
    |     Content-Length: 18
    |     Connection: close
    |_    unkown the request
    2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
    SF:%r(GetRequest,A5,"HTTP/1.1x20403x20Forbidden Date:x20Fri,x2018
    SF:x20Janx202019x2001:48:39x20GMT Connection:x20close Content-Ty
    SF:pe:x20text/plain;x20charset=utf-8 X-Frame-Options:x20DENY Cont
    SF:ent-Length:x200 ")%r(HTTPOptions,AB,"HTTP/1.1x20501x20Notx2
    SF:0Implemented Date:x20Fri,x2018x20Janx202019x2001:48:39x20GMT
    SF: Connection:x20close Content-Type:x20text/plain;x20charset=utf-8
    SF: X-Frame-Options:x20DENY Content-Length:x200 ")%r(FourOh
    SF:FourRequest,A5,"HTTP/1.1x20404x20Notx20Found Date:x20Fri,x2018
    SF:x20Janx202019x2001:48:39x20GMT Connection:x20close Content-T
    SF:ype:x20text/plain;x20charset=utf-8 X-Frame-Options:x20DENY Con
    SF:tent-Length:x200 ")%r(RTSPRequest,B3,"HTTP/1.1x20400x20Badx
    SF:20Request Date:x20Fri,x2018x20Janx202019x2001:48:49x20GMT C
    SF:onnection:x20close Content-Type:x20text/html Content-Length:x2
    SF:050 <HTML><BODY><H1>400x20Badx20Request</H1></BODY></HTML>")%r
    SF:(SIPOptions,B3,"HTTP/1.1x20400x20Badx20Request Date:x20Fri,x20
    SF:18x20Janx202019x2001:49:52x20GMT Connection:x20close Content
    SF:-Type:x20text/html Content-Length:x2050 <HTML><BODY><H1>400
    SF:tRequest,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x20
    SF:(Tencent)x20 Content-Length:x2018 Connection:x20close
    SF:0Errorx20 Server:x20QQ/1.0.0x20(Tencent)x20 Content-Lengt
    SF:h:x2018 Connection:x20close unkownx20thex20request")%r(Ge
    SF:nericLines,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x
    SF:20(Tencent)x20 Content-Length:x2018 Connection:x20close
    SF:r unkownx20thex20request")%r(HTTPOptions,6D,"HTTP/1.1x20400x20Err
    SF:orx20 Server:x20QQ/1.0.0x20(Tencent)x20 Content-Length:x
    SF:2018 Connection:x20close unkownx20thex20request")%r(RTSPRe
    SF:quest,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x20(T
    SF:encent)x20 Content-Length:x2018 Connection:x20close un
    SF: Server:x20QQ/1.0.0x20(Tencent)x20 Content-Length:x2018
    SF: Connection:x20close unkownx20thex20request");
    Device type: general purpose
    Running: Microsoft Windows XP|7|2012
    OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
    OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
    Network Distance: 2 hops
    Service Info: Host: NETPOLICE; OS: Windows; CPE: cpe:/o:microsoft:windows

    Host script results:
    |_clock-skew: mean: -2h40m05s, deviation: 4h37m07s, median: -5s
    |_nbstat: NetBIOS name: NETPOLICE, NetBIOS user: <unknown>, NetBIOS MAC: a4:db:30:5b:69:3a (Liteon Technology)
    | smb-os-discovery:
    |   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
    |   OS CPE: cpe:/o:microsoft:windows_7::sp1
    |   Computer name: NetPolice
    |   NetBIOS computer name: NETPOLICEx00
    |   Workgroup: WorkGroupx00
    |_  System time: 2019-01-18T09:51:14+08:00
    | smb-security-mode:
    |   account_used: guest
    |   authentication_level: user
    |   challenge_response: supported
    |_  message_signing: disabled (dangerous, but default)
    | smb2-security-mode:
    |   2.02:
    |_    Message signing enabled but not required
    | smb2-time:
    |   date: 2019-01-17 20:51:14
    |_  start_date: 2019-01-17 19:39:29
    TRACEROUTE (using port 3389/tcp)
    HOP RTT        ADDRESS
    1   1.88 ms
    2   1000.69 ms
    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 242.79 seconds
    the  setp two :gathering the  Ubuntu  information

         eg:   Ubuntu system information

        Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 21:13 EST
    Nmap scan report for
    Host is up (0.00068s latency).
    Not shown: 999 closed ports
    22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   2048 ac:b1:ea:b8:39:3f:c2:61:74:82:d8:a7:06:4c:57:ec (RSA)
    |   256 9b:36:1f:ce:79:c8:04:6e:cf:96:72:2b:0a:99:a5:71 (ECDSA)
    |_  256 87:06:4a:2c:f2:d9:3a:81:22:f1:fd:18:bb:f5:54:d6 (ED25519)
    MAC Address: 00:0C:29:26:DB:DD (VMware)
    Device type: general purpose
    Running: Linux 3.X|4.X
    OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
    OS details: Linux 3.2 - 4.9
    Network Distance: 1 hop
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    1   0.68 ms
    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 15.10 seconds

    2、if we don't know the host ip is livewe can use the dash-notation to scan teh LAN network  ,    but we use the command to scan another LAN ,it's means  permormed against remoter hosts on a different LAN ,the response will not include system the MAC address ..

        the command is :   namp  -sn     or  we can use the command

         another if we want to scan a table list ip address  the we can use  the command  iL  like as : nmap -iL    ipList.txt   -sn (ipList.txt   is a note write down some ip address )

      eg :    nmap -iL  /home/iplist.txt   -sn        (note :   in fact we can't make sure the correct that the host is live through only in this scan )

     besides this wiget we can use  the Netdisocover    to gathering the  system information 


    3、 tracert   the route  ,we use the tracert to  track the abroad ip address  .

    4、use  openvas  to scan the website

        step one  how to install the openvas  in the kali linux .   if we forget the account and password we can use the command to change the account :    openvasmd --user=admin  --new-password=[password]   ,you can also add a new account for openvas use the command :

       {openvasmd  --create-user=name       创建一个新的账户       openvasmd --delete-user=name    删除一个账户}      now  at present we look the openvas install on the kali linux 

        if you want change the default configpage  we can  Modify configuration:    general used information in the   greenbone-security-assistant  ,the locate in :  vi /etc/default/greenbone-security-assistant/    in the page we can change the host ip  "GSA_ADDRESS=> eg  you   host ip address .

    use the command to update OPenvas   , in the procress .the page will  prompt you will upgrade two database .so you decide youself

       the upgrade command  :    openvas-feed-update

    when the openvas  start   will open listening port 939*   ,we make sure  whether the port is open or close  use the command  :

         netstat -antp | grep 939*  



