Kali linux 2016.2(Rolling)中metasploit的端口扫描
目前常见的端口扫描技术一般有如下几类: TCP Connect、TCP SYN、TCP ACK、TCP FIN。
Metasploit中的端口扫描器
Metasploit的辅助模块中提供了几款实用的端口扫描器。可以输入search portscan命令找到相关的端口扫描器。如下
root@kali:~# msfconsole
...... msf > search portscan Matching Modules
================ Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator
auxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner
auxiliary/scanner/portscan/ack normal TCP ACK Firewall Scanner
auxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port Scanner
auxiliary/scanner/portscan/syn normal TCP SYN Port Scanner
auxiliary/scanner/portscan/tcp normal TCP Port Scanner
auxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scanner
auxiliary/scanner/sap/sap_router_portscanner normal SAPRouter Port Scanner msf >
Metasploit中ack扫描模块的使用过程
msf > use auxiliary/scanner/portscan/ack
msf auxiliary(ack) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(ack) > set THREADS
THREADS =>
msf auxiliary(ack) > run
Metasploit中ftpbounce扫描模块的使用过程
msf > use auxiliary/scanner/portscan/ftpbounce
msf auxiliary(ftpbounce) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(ftpbounce) > set THREADS
THREADS =>
msf auxiliary(ftpbounce) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: BOUNCEHOST.
msf auxiliary(ftpbounce) >
Metasploit中tcp扫描模块的使用过程
msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(tcp) > set THREADS
THREADS =>
msf auxiliary(tcp) > run [*] 202.193.58.13: - 202.193.58.13: - TCP OPEN
[*] 202.193.58.13: - 202.193.58.13: - TCP OPEN
[*] 202.193.58.13: - 202.193.58.13: - TCP OPEN
[*] 202.193.58.13: - 202.193.58.13: - TCP OPEN
Metasploit中xmas扫描模块的使用过程
msf > use auxiliary/scanner/portscan/xmas
msf auxiliary(xmas) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(xmas) > set THREADS
THREADS =>
msf auxiliary(xmas) > run [*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
[*] TCP OPEN|FILTERED 202.193.58.13:
Metasploit中syn扫描模块的使用过程
在一般的情况下,推荐使用syn端口扫描器,因为它的扫描速度较快、结果准确切不容易被对方察觉。下面是针对网关服务器(Ubuntu Metasploitable)主机的扫描结果,可以看出与Nmap的扫描结果基本一致。如下。
msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(syn) > set THREADS 20
THREADS => 20
msf auxiliary(syn) > run [*] TCP OPEN 202.193.58.13:21
[*] TCP OPEN 202.193.58.13:22
[*] TCP OPEN 202.193.58.13:23
[*] TCP OPEN 202.193.58.13:25
[*] TCP OPEN 202.193.58.13:53
[*] TCP OPEN 202.193.58.13:80
[*] TCP OPEN 202.193.58.13:111
[*] TCP OPEN 202.193.58.13:139
[*] TCP OPEN 202.193.58.13:445
[*] TCP OPEN 202.193.58.13:512
[*] TCP OPEN 202.193.58.13:513
当然,大家也可以拿下面的主机来扫描
Metasploit中sap_router_portscanner扫描模块的使用过程
msf > use auxiliary/scanner/sap/sap_router_portscanner
msf auxiliary(sap_router_portscanner) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(sap_router_portscanner) > set THREADS
THREADS =>
msf auxiliary(sap_router_portscanner) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOST, TARGETS.
msf auxiliary(sap_router_portscanner) >
Metasploit中也可以使用namp
常用nmap扫描类型参数:
-sT:TCP connect扫描
-sS:TCP syn扫描
-sF/-sX/-sN:通过发送一些标志位以避开设备或软件的检测
-sP:ICMP扫描
-sU:探测目标主机开放了哪些UDP端口
-sA:TCP ACk扫描
扫描选项:
-Pn:在扫描之前,不发送ICMP echo请求测试目标是否活跃
-O:辨识操作系统等信息
-F:快速扫描模式
-p<端口范围>:指定端口扫描范围
msf auxiliary(syn) > nmap -sS -Pn 202.193.58.13
[*] exec: nmap -sS -Pn 202.193.58.13 Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:17 CST
Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
Host is up (.0014s latency).
Not shown: closed ports
PORT STATE SERVICE
/tcp open ftp
/tcp open ssh
/tcp open telnet
/tcp open smtp
/tcp open domain
/tcp open http
/tcp open rpcbind
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open exec
/tcp open login
/tcp open shell
/tcp open rmiregistry
/tcp open ingreslock
/tcp open nfs
/tcp open ccproxy-ftp
/tcp open mysql
/tcp open postgresql
/tcp open vnc
/tcp open X11
/tcp open irc
/tcp open ajp13
/tcp open unknown
MAC Address: :AD::::5C (Unknown) Nmap done: IP address ( host up) scanned in 1.49 seconds
msf auxiliary(syn) >
msf auxiliary(syn) > nmap -sV -Pn 202.193.58.13
[*] exec: nmap -sV -Pn 202.193.58.13 Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:18 CST
Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
Host is up (.0016s latency).
Not shown: closed ports
PORT STATE SERVICE VERSION
/tcp open ftp vsftpd 2.3.
/tcp open ssh OpenSSH .7p1 Debian 8ubuntu1 (protocol 2.0)
/tcp open telnet Linux telnetd
/tcp open smtp Postfix smtpd
/tcp open domain?
/tcp open http?
/tcp open rpcbind?
/tcp open netbios-ssn?
/tcp open microsoft-ds?
/tcp open exec netkit-rsh rexecd
/tcp open login?
/tcp open shell Netkit rshd
/tcp open rmiregistry?
/tcp open shell Metasploitable root shell
/tcp open nfs?
/tcp open ccproxy-ftp?
/tcp open mysql MySQL 5.0.51a-3ubuntu5
/tcp open postgresql?
/tcp open vnc VNC (protocol 3.3)
/tcp open X11?
/tcp open irc Unreal ircd
/tcp open ajp13?
/tcp open unknown
MAC Address: :AD::::5C (Unknown)
Service Info: Hosts: metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 22.50 seconds
msf auxiliary(syn) >
可以,与下面进行对比。
kali 2.0 linux中的Nmap的端口扫描功能
当然,大家也可以拿下面的主机来扫描
Kali linux 2016.2(Rolling)中metasploit的端口扫描的更多相关文章
- MetaSploit攻击实例讲解------社会工程学set攻击(kali linux 2016.2(rolling))(详细)
不多说,直接上干货! 首先,如果你是用的BT5,则set的配置文件是在 /pentest/exploits/set/set_config下. APACHE_SERVER=ONSELF_SIGNED_A ...
- MetaSploit攻击实例讲解------Metasploit自动化攻击(包括kali linux 2016.2(rolling) 和 BT5)
不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)里Metasploit连接(包括默认和自定义)的PostgreSQL数据库 Kali linux 2016.2(Ro ...
- MetaSploit攻击实例讲解------终端下PostgreSQL数据库的使用(包括kali linux 2016.2(rolling) 和 BT5)
不多说,直接上干货! 配置msf连接postgresql数据库 我这里是使用kali linux 2016.2(rolling) 用过的博友们都知道,已经预安装好了PostgreSQL. 1. p ...
- MetaSploit攻击实例讲解------工具Meterpreter常用功能介绍(kali linux 2016.2(rolling))(详细)
不多说,直接上干货! 说在前面的话 注意啦:Meterpreter的命令非常之多,本篇博客下面给出了所有,大家可以去看看.给出了详细的中文 由于篇幅原因,我只使用如下较常用的命令. 这篇博客,利用下面 ...
- MetaSploit攻击实例讲解------攻击445端口漏洞(kali linux 2016.2(rolling))(详细)
不多说,直接上干货! 大家,相信最近的这个事件,对于445端口已经是非常的小心了.勒索病毒 445端口是一个毁誉参半的端口,有了它我们可以在局域网中轻松访问各种共享文件夹或共享打印机,但也正是因为有了 ...
- Kali linux 2016.2 的 plyload模块之meterpreter plyload详解
不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)中的payloads模块详解 当利用成功后尝试运行一个进程,它将在系统进程列表里显示,即使在木马中尝试执行系统命令, ...
- Kali linux 2016.2(Rolling)中的Metasploit如何更新与目录结构初步认识
如何更新MSF 1.Windows平台 方法1: 运行msfupdate.bat 在msfconsole里执行命令svn update 或者 方法2: 2.unix/linux平台 方法1: 运行m ...
- Kali linux 2016.2(Rolling)中的payloads模块详解
不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)中的Exploits模块详解 payloads模块,也就是shellcode,就是在漏洞利用成功后所要做的事情.在M ...
- Kali linux 2016.2(Rolling)里Metasploit连接(包括默认和自定义)的PostgreSQL数据库之后的切换到指定的工作空间
不多说,直接上干货! 为什么要这么做? 答: 方便我们将扫描不同的目标或目标的不同段,进行归类.为了更好的后续工作! 前期博客 Kali linux 2016.2(Rolling)里Metasploi ...
随机推荐
- JVM的重排序
重排序一般是编译器或执行时环境为了优化程序性能而採取的对指令进行又一次排序执行的一种手段.重排序分为两类:编译期重排序和执行期重排序,分别相应编译时和执行时环境. 在并发程序中,程序猿会特别关注不同进 ...
- FireFox所支持的全部标签(持续更新ing)
近期研究上各个浏览器的差别,得到一些资料,FireFox眼下所支持的全部标签类型,持续更新,供大家參考和学习,不喜勿喷哦 http://mxr.mozilla.org/seamonkey/source ...
- 不仅仅是Google,您必须知道的全球十大地图API
不仅仅是Google,您必须知道的全球十大地图API 一.总结 一句话总结:除了google,也有其它很多很好的地图,必应地图(Bing Maps),OpenLayers 二.不仅仅是Google,您 ...
- ES业界优秀实践案例汇总
ES业界优秀案例汇总 携程 LinkedIn Etsy国外电商CPU(vCore) 70*32 1000*12 4200单日索引数据条数 600亿 500亿 100亿单核处理数据性能/天 2600万/ ...
- [JZOJ5166] [NOIP2017模拟6.26卢学魔] 解题报告 (记忆化搜索|拓扑排序)
题目链接: http://172.16.0.132/senior/#main/show/5166 题目: 题解: 这个没什么好讲的,就是注意生产者没人吃也不是食物链,这告诉我们要积累生物知识注意细节 ...
- Redis 安装与简单示例 <第一篇>【转】
一.Redis的安装 Redis下载地址如下:https://github.com/dmajkic/redis/downloads 解压后根据自己机器的实际情况选择32位或者64位.下载解压后图片如下 ...
- XML学习(一)——xml内容简介
一.什么是XML xml全称为Extensible Markup Language,意思是可扩展的标记语言.XML语法上和HTML比较相似,但是HTML中的元素是固定的,而XML的标签是可以用户定义的 ...
- STM8S103 解决Rom空间不足 & Map文件分析
STM8S103只有8KRom,很容易造成空间不足.对于空间不足,我们就要从map文件着手分析,究竟哪些函数占了多少空间,map文件分为几部分:Segments(总括了各个段所占的空间), Modul ...
- ADO.NET之断开数据连接的数据库操作
在ADO.NET对数据库操作时有两种方式一种时与数据库实时连接,第二种时断开连接的操作. 断开连接的操作使用SqlDataAdapter来实现,我们要把数据库中的表数据加载到winform中的data ...
- 3ds Max绘制青花瓷茶壶
1.在桌面找到3DMAX软件,左键双击,启动程序: 2.在命令案板中,找到几何体,茶壶,在顶视图绘制一个茶壶: 3.在百度图片中搜索,查找“青花瓷”,找到一个自己喜欢的精美图案,截图保存备用: 4.在 ...