웹스캐너 해킹툴 DFind 소개.

웹방화벽에 특이한 로그가 남았다.


HTTP GET 방식으로

GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1

이런 로그가 남아있길래...

DFind 가 어떤 툴인지 궁금해서 검색을 해보았다.

결론적으로 웹스캐너툴이였다.   보안상 취약한 부분이 있는지 찾아내는 툴이였던 것이다.




사용방법
출처 :

http://cafe.naver.com/adelkor.cafe?iframe_url=/ArticleRead.nhn%3Farticleid=1816

- 윈도와 리눅스의 취약점을 스캔한다.

- 사용법
DFind -p 80 192.168.0.1
scans 192.168.0.1:80, reports to file if open.

DFind -p 1,2 192.168.0.1
scans 192.168.0.1:1,192.168.0.1:2, reports to file if open (up to 10 ports)

DFind -p 80 192.168.0.1 -v
scans 192.168.0.1:80, reports to file and screen if open.

DFind -p 80 150 192.168.0.1
scans 192.168.0.1 from port 80 to 150 included, reportsto file if open.

DFind -p 80 150 192.168.0.0 192.168.0.255 50 -v
scans from port 80 to 150 included, from 192.168.0.0 to 192.168.0.255 included, at 50 threads, reports to file and screen if open.

DFind -p 80 192.168.0.0 192.168.0.255
scans port 80 from 192.168.0.0 to 192.168.0.255 included, reports to file if open.

DFind -p 1,2 192.168.0.0 192.168.0.255
scans two ports 1 & 2 from 192.168.0.0 to 192.168.0.255 included, reports to file if open (up to 10 ports)

DFind -p 1,2 192.168.0.1 -v
scans 192.168.0.1:1,192.168.0.1:2, reports to file and screen if open (up to 10 ports)

DFind -p 80 192.168.0.0 192.168.5.255 1000
scans port 80 from 192.168.0.0 to 192.168.5.255 included at 1000 threads maximum, reports to file if open.

DFind -web 192.168.0.1
scans 5 predifined ports to 192.168.0.1, reports to file if a version is caught (refer to the scanner thread to find out wich are the predifined ports)

DFind -web 192.168.0.1 192.168.0.255 -v -spy "Apache"
scans 5 predifined ports from 192.168.0.1 to 192.168.0.255 included, reports to file and screen if a version with the case sensitive word "Apache" is filtered.

http://blog.naver.com/jabusunin?Redirect=Log&logNo=30002933877

위의 글을 참고하면 실질적으로 다운로드 가능한 사이트를 알 수 있는데..

외국사이트에다가 회원가입 까지 해야한다.

테스트를 해볼려고 했는데..  스파이웨어인 듯 하여 그냥 포기했다.

홈페이지를 운영하시는 분들은...... 보안에 신경씁시다~~~