nmap isn't that magical

Scanning a certain blog site, nmap told me:

OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone

Even in the mobile era, nobody is going to use a phone as a web server.

Not every website cooperates like scanme.nmap.org does. Besides, even if it guessed the OS right, say Linux 3.1.2, I still wouldn't know which vulnerabilities 3.1.2 has or how to break into it.

SQL injection looks like it has more play in it, since apparently some people store JavaScript code in their database. Hearing "relation" and "Cartesian product" makes me shudder; in SQL it's CREATE TABLE, not CREATE RELATION. Escaping? Couldn't we just encode everything as \nnn? That little bit of efficiency surely doesn't matter.
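The point about escaping is worth pinning down with code. Below is an added example (not from this post) using Python's built-in sqlite3 module and a constructed two-row `users` table: a login query built by string concatenation beside the same query with bound parameters. With placeholders the driver passes the values separately from the statement, so no escaping scheme (octal `\nnn` or otherwise) is needed at all, and the question of its cost never arises.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample database: two users, plaintext passwords purely
    for the demonstration (a real system stores password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn

def login_concat(conn: sqlite3.Connection, name: str, password: str) -> list:
    """VULNERABLE: user input is spliced into the SQL text, so a quote in
    the input closes the string literal and the rest is parsed as SQL."""
    sql = (
        f"SELECT name FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]

def login_param(conn: sqlite3.Connection, name: str, password: str) -> list:
    """FIXED: '?' placeholders; the values are bound by the driver and are
    never interpreted as part of the statement, whatever characters they
    contain. No escaping is performed or required."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]

def demo() -> tuple:
    """Run both variants against a crafted password and return the row
    counts each one yields, so the difference is a checkable value."""
    conn = make_db()
    crafted = "' OR '1'='1"          # textbook tautology, used only to show the contrast
    vulnerable = login_concat(conn, "nobody", crafted)
    fixed = login_param(conn, "nobody", crafted)
    conn.close()
    return len(vulnerable), len(fixed)

if __name__ == "__main__":
    print("rows returned (concatenated, parameterized):", demo())
```

In the concatenated form the WHERE clause becomes `name = 'nobody' AND password = '' OR '1'='1'`, and since AND binds tighter than OR the row filter is true for every user; the parameterized form compares the literal string and matches nothing.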

Nmap - Detailed Pedia

Nmap features include:

  • Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
  • Port scanning – Enumerating the open ports on target hosts.
  • Version detection – Interrogating network services on remote devices to determine application name and version number.
  • TCP/IP stack fingerprinting – Determining the operating system and hardware characteristics of network devices based on observations of network activity of said devices.
  • Scriptable interaction with the target – using the Nmap Scripting Engine (NSE) and the Lua programming language.

Certain parameters within the TCP protocol definition are left up to the implementation. Different operating systems, and different versions of the same operating system, set different defaults for these values. By collecting and examining these values, one may differentiate among various operating systems, and implementations of TCP/IP. The TCP/IP fields that may vary include the following:

  • Initial packet size (16 bits)
  • Initial TTL (8 bits)
  • Window size (16 bits)
  • Max segment size (16 bits)
  • Window scaling value (8 bits)
  • "don't fragment" flag (1 bit)
  • "sackOK" flag (1 bit)
  • "nop" flag (1 bit)
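The list above says which fields differ between stacks but not how a scanner turns them into an OS guess, or why the guess at the top of this post came back as three unrelated devices. The following added example (my code, not nmap's, with a constructed signature table whose OS labels are hypothetical) scores an observed set of fields against each signature, handles the fact that the TTL seen on the wire has been decremented by every router hop, and treats an option that was not observed as neither confirming nor refuting a signature. When several signatures score the same, all of them are reported, which is exactly the kind of ambiguous output a defender sees when the probes did not reach a distinguishing field.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Standard initial TTLs; a sender picks one, each hop subtracts one.
INITIAL_TTLS = (32, 64, 128, 255)

def normalize_ttl(observed_ttl: int) -> int:
    """Map a TTL seen on the wire back to the initial value the sender most
    likely used: the smallest standard initial TTL >= the observed value."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    return 255

@dataclass(frozen=True)
class StackFields:
    """The subset of TCP/IP defaults from the list above that this toy matcher compares."""
    ttl: int
    window: int
    mss: int
    df: bool
    sack_ok: bool
    wscale: Optional[int] = None   # None = window-scale option absent or not observed

# Hypothetical signature table. Labels and values are CONSTRUCTED for the
# demonstration; they are not taken from nmap's fingerprint database.
SIGNATURES = {
    "hypothetical router firmware A": StackFields(64, 5840, 1460, True, True, wscale=0),
    "hypothetical router firmware B": StackFields(64, 5840, 1460, True, True, wscale=7),
    "hypothetical phone stack C":     StackFields(64, 5840, 1460, True, True, wscale=None),
    "hypothetical desktop stack D":   StackFields(128, 65535, 1460, True, True, wscale=8),
}

FIELDS = ("ttl", "window", "mss", "df", "sack_ok", "wscale")

def score(observed: StackFields, sig: StackFields) -> int:
    """Count the fields on which the observation agrees with the signature.
    An unobserved option (None) is skipped rather than counted as a mismatch."""
    points = 0
    for field in FIELDS:
        seen = getattr(observed, field)
        expected = getattr(sig, field)
        if field == "ttl":
            seen = normalize_ttl(seen)
        if seen is None:
            continue
        if seen == expected:
            points += 1
    return points

def fingerprint(observed: StackFields) -> Tuple[List[str], int]:
    """Return every signature that reaches the best score, plus that score.
    More than one name means the observed fields did not separate them."""
    scored = {name: score(observed, sig) for name, sig in SIGNATURES.items()}
    best = max(scored.values())
    return sorted(name for name, pts in scored.items() if pts == best), best

if __name__ == "__main__":
    # Constructed observation: TTL 52 (64 minus 12 hops), no window-scale option seen.
    ambiguous = StackFields(ttl=52, window=5840, mss=1460, df=True, sack_ok=True)
    print(fingerprint(ambiguous))
    # Same host, but this time the window-scale option was captured.
    resolved = StackFields(ttl=52, window=5840, mss=1460, df=True, sack_ok=True, wscale=7)
    print(fingerprint(resolved))
```

With the window-scale option missing, A, B and C tie at five matching fields and all three are reported; once that single option is observed, only B survives. Real fingerprinting databases compare many more fields and probe responses, but the mechanism, and the reason for multi-OS guesses, is the same.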

Nmap: the Network Mapper - Free Security Scanner

posted @ 2023-01-15 10:03  Fun_with_Words