概要:
msf的arp_sweep 、udp_sweep模块
Nmap -sn使用ping探测 -PU -sn 使用UDP协议端口探测
msf模块
arp_sweep     常用
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep     常用 同时也会发现主机上的udp服务
msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > show options
 
Module options (auxiliary/scanner/discovery/arp_sweep):
 
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target address range or CIDR identifier
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    5                yes       The number of seconds to wait for new data
 
msf auxiliary(arp_sweep) > set rhosts 192.168.3.0/24
rhosts => 192.168.3.0/24
msf auxiliary(arp_sweep) > set t
set threads          set timeout          set timestampoutput
msf auxiliary(arp_sweep) > set threads 100
threads => 100
msf auxiliary(arp_sweep) > run
 
[*] 192.168.3.1 appears to be up (UNKNOWN).
[*] 192.168.3.20 appears to be up (UNKNOWN).
[*] 192.168.3.24 appears to be up (UNKNOWN).
[*] 192.168.3.85 appears to be up (UNKNOWN).
[*] 192.168.3.88 appears to be up (UNKNOWN).
[*] 192.168.3.96 appears to be up (UNKNOWN).
[*] 192.168.3.111 appears to be up (UNKNOWN).
[*] 192.168.3.133 appears to be up (UNKNOWN).
[*] 192.168.3.140 appears to be up (UNKNOWN).
[*] 192.168.3.142 appears to be up (UNKNOWN).
[*] 192.168.3.144 appears to be up (UNKNOWN).
[*] 192.168.3.168 appears to be up (UNKNOWN).
[*] 192.168.3.172 appears to be up (UNKNOWN).
[*] 192.168.3.176 appears to be up (UNKNOWN).
[*] 192.168.3.186 appears to be up (UNKNOWN).
[*] 192.168.3.191 appears to be up (UNKNOWN).
[*] 192.168.3.199 appears to be up (Raspberry Pi Foundation).
[*] 192.168.3.211 appears to be up (UNKNOWN).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(arp_sweep) >
 
 
msf > use auxiliary/scanner/discovery/udp_sweep
msf auxiliary(udp_sweep) > show options
 
Module options (auxiliary/scanner/discovery/udp_sweep):
 
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   RHOSTS                      yes       The target address range or CIDR identifier
   THREADS    10               yes       The number of concurrent threads
 
msf auxiliary(udp_sweep) > set rhosts 192.168.3.0/24
rhosts => 192.168.3.0/24
msf auxiliary(udp_sweep) > set threads 100
threads => 100
msf auxiliary(udp_sweep) > run
 
[*] Sending 13 probes to 192.168.3.0->192.168.3.255 (256 hosts)
[*] Discovered DNS on 192.168.3.1:53 (36c8858000010001000000000756455253494f4e0442494e440000100003c00c0010000300000000000d0c646e736d6173712d322e3736)
[*] Discovered NetBIOS on 192.168.3.111:137 (LAPTOP-V63UITPH:<20>:U :LAPTOP-V63UITPH:<00>:U :WORKGROUP:<00>:G :74:c6:3b:9c:00:65)
[*] Discovered NTP on 192.168.3.199:123 (NTP v4)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
 
Nmap
 
msf > nmap -sn 192.168.3.0/24
[*] exec: nmap -sn 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:17 CST
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0015s latency).
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for 192.168.3.24
Host is up (0.018s latency).
MAC Address: B8:44:D9:D0:04:08 (Apple)
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00052s latency).
MAC Address: 80:E6:50:15:C2:60 (Apple)
Nmap scan report for 192.168.3.96
Host is up (0.057s latency).
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.3.111
Host is up (0.050s latency).
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
Nmap scan report for 192.168.3.140
Host is up (0.10s latency).
MAC Address: 00:CD:FE:33:16:02 (Apple)
Nmap scan report for 192.168.3.165
Host is up (0.019s latency).
MAC Address: C0:EE:FB:EA:80:8A (OnePlus Tech (Shenzhen))
Nmap scan report for 192.168.3.168
Host is up (0.085s latency).
MAC Address: 9C:B6:D0:12:75:27 (Rivet Networks)
Nmap scan report for 192.168.3.186
Host is up (0.11s latency).
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
Nmap scan report for 192.168.3.191
Host is up (0.10s latency).
MAC Address: 68:DB:CA:74:57:B9 (Apple)
Nmap scan report for android-9b63a7f1b6f8164f (192.168.3.219)
Host is up (0.075s latency).
MAC Address: B8:5A:73:C9:E6:E2 (Samsung Electronics)
Nmap scan report for 192.168.3.103
Host is up.
Nmap done: 256 IP addresses (12 hosts up) scanned in 1.78 seconds
 
nmap  -PU对开放的UDP端口进行探测以确定存活的主机
-sn 告诉nmap仅探测存活主机不对tcp端口进行扫描
 
msf > nmap -PU -sn 192.168.3.0/24
[*] exec: nmap -PU -sn 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:48 CST
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0020s latency).
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for 192.168.3.20
Host is up (0.015s latency).
MAC Address: 68:DB:CA:A9:CE:63 (Apple)
Nmap scan report for 192.168.3.21
Host is up (0.017s latency).
MAC Address: A0:CC:2B:A4:29:E5 (Murata Manufacturing)
Nmap scan report for 192.168.3.24
Host is up (0.018s latency).
MAC Address: B8:44:D9:D0:04:08 (Apple)
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00023s latency).
MAC Address: 80:E6:50:15:C2:60 (Apple)
Nmap scan report for 192.168.3.96
Host is up (0.072s latency).
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.3.111
Host is up (0.070s latency).
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
Nmap scan report for 192.168.3.133
Host is up (0.10s latency).
MAC Address: 5C:AD:CF:86:87:B1 (Apple)
Nmap scan report for 192.168.3.140
Host is up (0.061s latency).
MAC Address: 00:CD:FE:33:16:02 (Apple)
Nmap scan report for 192.168.3.142
Host is up (0.10s latency).
MAC Address: 20:AB:37:62:9F:18 (Apple)
Nmap scan report for 192.168.3.144
Host is up (0.089s latency).
MAC Address: 70:EC:E4:D4:E9:D2 (Apple)
Nmap scan report for 192.168.3.176
Host is up (0.058s latency).
MAC Address: 04:52:F3:13:38:71 (Apple)
Nmap scan report for 192.168.3.186
Host is up (0.093s latency).
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
Nmap scan report for 192.168.3.195
Host is up (0.050s latency).
MAC Address: 5C:A8:6A:A7:90:4F (Huawei Technologies)
Nmap scan report for raspberrypi (192.168.3.199)
Host is up (0.048s latency).
MAC Address: B8:27:EB:A9:1C:84 (Raspberry Pi Foundation)
Nmap scan report for 192.168.3.211
Host is up (0.018s latency).
MAC Address: C8:F2:30:9E:93:83 (Guangdong Oppo Mobile Telecommunications)
Nmap scan report for 192.168.3.103
Host is up.
Nmap done: 256 IP addresses (17 hosts up) scanned in 2.59 seconds
msf > nmap -PU 192.168.3.0/24
[*] exec: nmap -PU 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:18 CST
 
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0055s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
1723/tcp open  pptp
8000/tcp open  http-alt
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
 
Nmap scan report for 192.168.3.20
Host is up (0.0044s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 68:DB:CA:A9:CE:63 (Apple)
 
Nmap scan report for 192.168.3.24
Host is up (0.011s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: B8:44:D9:D0:04:08 (Apple)
 
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00063s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql
MAC Address: 80:E6:50:15:C2:60 (Apple)
 
Nmap scan report for 192.168.3.96
Host is up (0.019s latency).
Not shown: 983 closed ports
PORT      STATE    SERVICE
80/tcp    open     http
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
2869/tcp  open     icslap
5060/tcp  open     sip
5357/tcp  open     wsdapi
5678/tcp  open     rrac
9593/tcp  open     cba8
9594/tcp  open     msgsys
9595/tcp  open     pds
10000/tcp open     snet-sensor-mgmt
33354/tcp open     unknown
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49176/tcp open     unknown
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
 
Nmap scan report for 192.168.3.111
Host is up (0.086s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
6646/tcp open  unknown
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
 
Nmap scan report for 192.168.3.133
Host is up (0.21s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 5C:AD:CF:86:87:B1 (Apple)
 
Nmap scan report for 192.168.3.140
Host is up (0.012s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 00:CD:FE:33:16:02 (Apple)
 
Nmap scan report for 192.168.3.142
Host is up (0.021s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 20:AB:37:62:9F:18 (Apple)
 
Nmap scan report for 192.168.3.144
Host is up (0.0055s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 70:EC:E4:D4:E9:D2 (Apple)
 
Nmap scan report for 192.168.3.168
Host is up (0.0053s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
6646/tcp open  unknown
MAC Address: 9C:B6:D0:12:75:27 (Rivet Networks)
 
Nmap scan report for 192.168.3.176
Host is up (0.0078s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 04:52:F3:13:38:71 (Apple)
 
Nmap scan report for 192.168.3.186
Host is up (0.017s latency).
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
 
Nmap scan report for 192.168.3.191
Host is up (0.046s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 68:DB:CA:74:57:B9 (Apple)
 
Nmap scan report for raspberrypi (192.168.3.199)
Host is up (0.0072s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
3389/tcp open  ms-wbt-server
MAC Address: B8:27:EB:A9:1C:84 (Raspberry Pi Foundation)
 
Nmap scan report for 192.168.3.211
Host is up (0.020s latency).
All 1000 scanned ports on 192.168.3.211 are closed
MAC Address: C8:F2:30:9E:93:83 (Guangdong Oppo Mobile Telecommunications)
 
Nmap scan report for android-9b63a7f1b6f8164f (192.168.3.219)
Host is up (0.48s latency).
Not shown: 997 closed ports
PORT      STATE    SERVICE
1244/tcp  filtered isbconference1
32781/tcp filtered unknown
40911/tcp filtered unknown
MAC Address: B8:5A:73:C9:E6:E2 (Samsung Electronics)
 
Nmap scan report for 192.168.3.103
Host is up (0.0000020s latency).
All 1000 scanned ports on 192.168.3.103 are closed
 
Nmap done: 256 IP addresses (18 hosts up) scanned in 1544.16 seconds
msf >
 
 

MSF魔鬼训练营-3.2.1活跃主机扫描的更多相关文章

  1. MSF魔鬼训练营-3.4.2网络漏洞扫描-OpenVAS(待补完)PS:在虚拟机里面运行OpenVAS扫描的进度真的是超慢啊...

     由于新版的kali中没有预装OpenVAS.所以在虚拟机中安装花了非常多的时间. 安装过程参考:http://www.cnblogs.com/zlslch/p/6872559.html过程写的非常详 ...

  2. Nmap的活跃主机探测常见方法

    最近由于工作需求,开始对Nmap进行一点研究,主要是Nmap对于主机活跃性的探测,也就是存活主机检测的领域. Nmap主机探测方法一:同网段优先使用arp探测: 当启动Namp主机活跃扫描时候,Nma ...

  3. [原创]K8Cscan插件之Web主机扫描(存活主机、机器名、Banner、标题)

    [原创]K8 Cscan 大型内网渗透自定义扫描器 https://www.cnblogs.com/k8gege/p/10519321.html Cscan简介:何为自定义扫描器?其实也是插件化,但C ...

  4. [原创]K8Cscan插件之存活主机扫描

    [原创]K8 Cscan 大型内网渗透自定义扫描器 https://www.cnblogs.com/k8gege/p/10519321.html Cscan简介:何为自定义扫描器?其实也是插件化,但C ...

  5. python scapy的用法之ARP主机扫描和ARP欺骗

    python scapy的用法之ARP主机扫描和ARP欺骗 目录: 1.scapy介绍 2.安装scapy 3.scapy常用 4.ARP主机扫描 5.ARP欺骗 一.scapy介绍 scapy是一个 ...

  6. python模块之sys和subprocess以及编写简单的主机扫描脚本

    python模块之sys和subprocess以及编写简单的主机扫描脚本 1.sys模块 sys.exit(n)  作用:执行到主程序末尾,解释器自动退出,但是如果需要中途退出程序,可以调用sys.e ...

  7. Linux常用网络工具:hping高级主机扫描

    之前介绍了主机扫描工具fping,可以参考我写的<Linux常用网络工具:fping主机扫描>. hping是一款更高级的主机扫描工具,它支持TCP/IP数据包构造.分析,在某些防火墙配置 ...

  8. Linux常用网络工具:fping主机扫描

    Linux下有很多强大网络扫描工具,网络扫描工具可以分为:主机扫描.主机服务扫描.路由扫描等. fping是一个主机扫描工具,相比于ping工具可以批量扫描主机. fping官方网站:http://f ...

  9. QT---基于WinPcap的局域网络管理工具(主机扫描、包过滤、ARP攻击、端口扫描)

    主要功能 本机适配器扫描 局域网各主机扫描 类似于WinShark的抓包工具,能够简单的过滤Tcp.Udp.Arp等包 ARP攻击功能,限制局域网内指定主机上网 流量统计,统计实时网速 多线程攻击,多 ...

随机推荐

  1. 数位dp入门(内容一样,新版格式)

    顾名思义,数位dp,是一种用来计数的dp,就是把一个数字拆成一个一个数位去统计 如果现在给你一道题,需要你求在区间[l,r]内满足条件的解的个数,我们很容易想到去暴力枚举,但要是数据范围太大这种办法就 ...

  2. 访问zabbix首页无法正常登陆

    访问: http://IP/zabbix/ (1) You should see the first screen of the frontend installation wizard. (2) 检 ...

  3. ACM之路(19)—— 主席树初探

    长春赛的 I 题是主席树,现在稍微的学了一点主席树,也就算入了个门吧= = 简单的来说主席树就是每个节点上面都是一棵线段树,但是这么多线段树会MLE吧?其实我们解决的办法就是有重复的节点给他利用起来, ...

  4. pyton3的数字操作你都会用吗?

    '''数字数据类型用于存储数值.数据类型是不允许改变的,这就意味着如果改变数字数据类型的值,将重新分配空间. 1.del(用于删除一些数字对象的引用) 2.整形(int)通常被称为是整形或者整数,是正 ...

  5. 「Luogu P5601」小D与笔试

    题目链接 戳我 \(Solution\) 这道题官方题解的做法太复杂了,还需要扫字符串. 其实只需要两个\(map\)就好了. 一个\(map<string,stirng>\)用来记录题目 ...

  6. 基于 XML 的 AOP 配置(1)

    本文连接:https://www.cnblogs.com/qzhc/p/11969734.html 接下来我将用一个很简单的实例 1. 环境搭建 1.1. 第一步:准备必要的代码 业务层代码: Acc ...

  7. ILSpy C# language support status

    C# language support status Asynchronous methods 已经支持 Generalized async return types  还不支持 Async main ...

  8. ubuntu安装mysql 5.7

    1.安装mysql sudo apt-get install mysql-client mysql-server 2.启动 service mysqld start 3.登陆 mysql -uroot ...

  9. 没有安装zip引发的一系列安装

    安装一个php框架的时候提示不能在线解压缩 通过phpinfo查看没有加载zip扩展,安装开始. 先安装了一次发现不能make,,,什么情况!!! 提示这个错误,好吧解决.make: *** No t ...

  10. 《视觉SLAM十四讲》第1讲

    目录 一 视觉SLAM 注:原创不易,转载请务必注明原作者和出处,感谢支持! 一 视觉SLAM 什么是视觉SLAM? SLAM是Simultaneous Localization and Mappin ...