Summary:
Metasploit's arp_sweep and udp_sweep modules
Nmap -sn uses ping probes; -PU -sn uses UDP port probes

msf modules
arp_sweep     commonly used
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep     commonly used; also discovers the UDP services running on the hosts

msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > show options
 
Module options (auxiliary/scanner/discovery/arp_sweep):
 
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target address range or CIDR identifier
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    5                yes       The number of seconds to wait for new data
 
msf auxiliary(arp_sweep) > set rhosts 192.168.3.0/24
rhosts => 192.168.3.0/24
msf auxiliary(arp_sweep) > set t
set threads          set timeout          set timestampoutput
msf auxiliary(arp_sweep) > set threads 100
threads => 100
msf auxiliary(arp_sweep) > run
 
[*] 192.168.3.1 appears to be up (UNKNOWN).
[*] 192.168.3.20 appears to be up (UNKNOWN).
[*] 192.168.3.24 appears to be up (UNKNOWN).
[*] 192.168.3.85 appears to be up (UNKNOWN).
[*] 192.168.3.88 appears to be up (UNKNOWN).
[*] 192.168.3.96 appears to be up (UNKNOWN).
[*] 192.168.3.111 appears to be up (UNKNOWN).
[*] 192.168.3.133 appears to be up (UNKNOWN).
[*] 192.168.3.140 appears to be up (UNKNOWN).
[*] 192.168.3.142 appears to be up (UNKNOWN).
[*] 192.168.3.144 appears to be up (UNKNOWN).
[*] 192.168.3.168 appears to be up (UNKNOWN).
[*] 192.168.3.172 appears to be up (UNKNOWN).
[*] 192.168.3.176 appears to be up (UNKNOWN).
[*] 192.168.3.186 appears to be up (UNKNOWN).
[*] 192.168.3.191 appears to be up (UNKNOWN).
[*] 192.168.3.199 appears to be up (Raspberry Pi Foundation).
[*] 192.168.3.211 appears to be up (UNKNOWN).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(arp_sweep) >
 

 
msf > use auxiliary/scanner/discovery/udp_sweep
msf auxiliary(udp_sweep) > show options
 
Module options (auxiliary/scanner/discovery/udp_sweep):
 
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   RHOSTS                      yes       The target address range or CIDR identifier
   THREADS    10               yes       The number of concurrent threads
 
msf auxiliary(udp_sweep) > set rhosts 192.168.3.0/24
rhosts => 192.168.3.0/24
msf auxiliary(udp_sweep) > set threads 100
threads => 100
msf auxiliary(udp_sweep) > run
 
[*] Sending 13 probes to 192.168.3.0->192.168.3.255 (256 hosts)
[*] Discovered DNS on 192.168.3.1:53 (36c8858000010001000000000756455253494f4e0442494e440000100003c00c0010000300000000000d0c646e736d6173712d322e3736)
[*] Discovered NetBIOS on 192.168.3.111:137 (LAPTOP-V63UITPH:<20>:U :LAPTOP-V63UITPH:<00>:U :WORKGROUP:<00>:G :74:c6:3b:9c:00:65)
[*] Discovered NTP on 192.168.3.199:123 (NTP v4)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
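The hex string udp_sweep prints after "Discovered DNS" is the raw DNS reply to its version.bind CHAOS TXT query, which is how the module learns the server software. The following decoder is added here (it is not code from the book or from the msf module) and parses that exact reply from the output above to recover the version string; the name decoder handles RFC 1035 compression pointers, which this reply uses in the answer section.

```python
import struct

# Raw reply reported by udp_sweep on this page for 192.168.3.1:53 (copied from the output above).
UDP_SWEEP_DNS_HEX = (
    "36c8858000010001000000000756455253494f4e0442494e440000100003"
    "c00c0010000300000000000d0c646e736d6173712d322e3736"
)
TYPE_TXT, CLASS_CHAOS = 16, 3

def read_name(msg, off):
    """Decode a DNS name at off, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appeared at off)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_version_reply(hexdata):
    """Return (question name, question class, TXT strings) from a DNS reply."""
    msg = bytes.fromhex(hexdata)
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question DNS response")
    qname, off = read_name(msg, 12)
    _qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    txts = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT:  # TXT rdata: sequence of <len><chars>
            pos = 0
            while pos < len(rdata):
                n = rdata[pos]
                txts.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
                pos += 1 + n
    return qname, qclass, txts
```

Running parse_version_reply on the captured reply shows the router answering version.bind with its dnsmasq version, a disclosure worth turning off on servers you own.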
 

Nmap
 
msf > nmap -sn 192.168.3.0/24
[*] exec: nmap -sn 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:17 CST
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0015s latency).
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for 192.168.3.24
Host is up (0.018s latency).
MAC Address: B8:44:D9:D0:04:08 (Apple)
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00052s latency).
MAC Address: 80:E6:50:15:C2:60 (Apple)
Nmap scan report for 192.168.3.96
Host is up (0.057s latency).
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.3.111
Host is up (0.050s latency).
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
Nmap scan report for 192.168.3.140
Host is up (0.10s latency).
MAC Address: 00:CD:FE:33:16:02 (Apple)
Nmap scan report for 192.168.3.165
Host is up (0.019s latency).
MAC Address: C0:EE:FB:EA:80:8A (OnePlus Tech (Shenzhen))
Nmap scan report for 192.168.3.168
Host is up (0.085s latency).
MAC Address: 9C:B6:D0:12:75:27 (Rivet Networks)
Nmap scan report for 192.168.3.186
Host is up (0.11s latency).
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
Nmap scan report for 192.168.3.191
Host is up (0.10s latency).
MAC Address: 68:DB:CA:74:57:B9 (Apple)
Nmap scan report for android-9b63a7f1b6f8164f (192.168.3.219)
Host is up (0.075s latency).
MAC Address: B8:5A:73:C9:E6:E2 (Samsung Electronics)
Nmap scan report for 192.168.3.103
Host is up.
Nmap done: 256 IP addresses (12 hosts up) scanned in 1.78 seconds
 

nmap -PU probes UDP ports to determine which hosts are up
-sn tells nmap to do host discovery only, without scanning TCP ports
 
msf > nmap -PU -sn 192.168.3.0/24
[*] exec: nmap -PU -sn 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:48 CST
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0020s latency).
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for 192.168.3.20
Host is up (0.015s latency).
MAC Address: 68:DB:CA:A9:CE:63 (Apple)
Nmap scan report for 192.168.3.21
Host is up (0.017s latency).
MAC Address: A0:CC:2B:A4:29:E5 (Murata Manufacturing)
Nmap scan report for 192.168.3.24
Host is up (0.018s latency).
MAC Address: B8:44:D9:D0:04:08 (Apple)
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00023s latency).
MAC Address: 80:E6:50:15:C2:60 (Apple)
Nmap scan report for 192.168.3.96
Host is up (0.072s latency).
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.3.111
Host is up (0.070s latency).
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
Nmap scan report for 192.168.3.133
Host is up (0.10s latency).
MAC Address: 5C:AD:CF:86:87:B1 (Apple)
Nmap scan report for 192.168.3.140
Host is up (0.061s latency).
MAC Address: 00:CD:FE:33:16:02 (Apple)
Nmap scan report for 192.168.3.142
Host is up (0.10s latency).
MAC Address: 20:AB:37:62:9F:18 (Apple)
Nmap scan report for 192.168.3.144
Host is up (0.089s latency).
MAC Address: 70:EC:E4:D4:E9:D2 (Apple)
Nmap scan report for 192.168.3.176
Host is up (0.058s latency).
MAC Address: 04:52:F3:13:38:71 (Apple)
Nmap scan report for 192.168.3.186
Host is up (0.093s latency).
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
Nmap scan report for 192.168.3.195
Host is up (0.050s latency).
MAC Address: 5C:A8:6A:A7:90:4F (Huawei Technologies)
Nmap scan report for raspberrypi (192.168.3.199)
Host is up (0.048s latency).
MAC Address: B8:27:EB:A9:1C:84 (Raspberry Pi Foundation)
Nmap scan report for 192.168.3.211
Host is up (0.018s latency).
MAC Address: C8:F2:30:9E:93:83 (Guangdong Oppo Mobile Telecommunications)
Nmap scan report for 192.168.3.103
Host is up.
Nmap done: 256 IP addresses (17 hosts up) scanned in 2.59 seconds

msf > nmap -PU 192.168.3.0/24
[*] exec: nmap -PU 192.168.3.0/24
 
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 16:18 CST
 
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0055s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
1723/tcp open  pptp
8000/tcp open  http-alt
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
 
Nmap scan report for 192.168.3.20
Host is up (0.0044s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 68:DB:CA:A9:CE:63 (Apple)
 
Nmap scan report for 192.168.3.24
Host is up (0.011s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: B8:44:D9:D0:04:08 (Apple)
 
Nmap scan report for DESKTOP-QU5496C (192.168.3.88)
Host is up (0.00063s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql
MAC Address: 80:E6:50:15:C2:60 (Apple)
 
Nmap scan report for 192.168.3.96
Host is up (0.019s latency).
Not shown: 983 closed ports
PORT      STATE    SERVICE
80/tcp    open     http
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
2869/tcp  open     icslap
5060/tcp  open     sip
5357/tcp  open     wsdapi
5678/tcp  open     rrac
9593/tcp  open     cba8
9594/tcp  open     msgsys
9595/tcp  open     pds
10000/tcp open     snet-sensor-mgmt
33354/tcp open     unknown
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49176/tcp open     unknown
MAC Address: 14:2D:27:2B:1C:E9 (Hon Hai Precision Ind.)
 
Nmap scan report for 192.168.3.111
Host is up (0.086s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
6646/tcp open  unknown
MAC Address: 74:C6:3B:9C:00:65 (AzureWave Technology)
 
Nmap scan report for 192.168.3.133
Host is up (0.21s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 5C:AD:CF:86:87:B1 (Apple)
 
Nmap scan report for 192.168.3.140
Host is up (0.012s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 00:CD:FE:33:16:02 (Apple)
 
Nmap scan report for 192.168.3.142
Host is up (0.021s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 20:AB:37:62:9F:18 (Apple)
 
Nmap scan report for 192.168.3.144
Host is up (0.0055s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 70:EC:E4:D4:E9:D2 (Apple)
 
Nmap scan report for 192.168.3.168
Host is up (0.0053s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
6646/tcp open  unknown
MAC Address: 9C:B6:D0:12:75:27 (Rivet Networks)
 
Nmap scan report for 192.168.3.176
Host is up (0.0078s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 04:52:F3:13:38:71 (Apple)
 
Nmap scan report for 192.168.3.186
Host is up (0.017s latency).
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
MAC Address: E4:F8:9C:E7:58:B0 (Intel Corporate)
 
Nmap scan report for 192.168.3.191
Host is up (0.046s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
62078/tcp open  iphone-sync
MAC Address: 68:DB:CA:74:57:B9 (Apple)
 
Nmap scan report for raspberrypi (192.168.3.199)
Host is up (0.0072s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
3389/tcp open  ms-wbt-server
MAC Address: B8:27:EB:A9:1C:84 (Raspberry Pi Foundation)
 
Nmap scan report for 192.168.3.211
Host is up (0.020s latency).
All 1000 scanned ports on 192.168.3.211 are closed
MAC Address: C8:F2:30:9E:93:83 (Guangdong Oppo Mobile Telecommunications)
 
Nmap scan report for android-9b63a7f1b6f8164f (192.168.3.219)
Host is up (0.48s latency).
Not shown: 997 closed ports
PORT      STATE    SERVICE
1244/tcp  filtered isbconference1
32781/tcp filtered unknown
40911/tcp filtered unknown
MAC Address: B8:5A:73:C9:E6:E2 (Samsung Electronics)
 
Nmap scan report for 192.168.3.103
Host is up (0.0000020s latency).
All 1000 scanned ports on 192.168.3.103 are closed
 
Nmap done: 256 IP addresses (18 hosts up) scanned in 1544.16 seconds
msf >
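The three discovery runs above each report a different set of live hosts (18, 12 and 17), so no single method should be trusted as the inventory. The following script is added here (it is not from the book or this post); it parses short excerpts constructed from the arp_sweep and nmap output above and lists, for each method, the hosts that another method saw but it missed. The same two parsers work unchanged on full scan output.

```python
import re

# Constructed excerpts of the three host-discovery runs shown on this page.
ARP_SWEEP_OUT = """\
[*] 192.168.3.1 appears to be up (UNKNOWN).
[*] 192.168.3.20 appears to be up (UNKNOWN).
[*] 192.168.3.199 appears to be up (Raspberry Pi Foundation).
"""
NMAP_SN_OUT = """\
Nmap scan report for RT-AC54U (192.168.3.1)
Host is up (0.0015s latency).
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for android-9b63a7f1b6f8164f (192.168.3.219)
MAC Address: B8:5A:73:C9:E6:E2 (Samsung Electronics)
Nmap scan report for 192.168.3.103
Host is up.
"""
NMAP_PU_SN_OUT = """\
Nmap scan report for RT-AC54U (192.168.3.1)
MAC Address: 8C:AB:8E:FA:10:A1 (Shanghai Feixun Communication)
Nmap scan report for 192.168.3.20
MAC Address: 68:DB:CA:A9:CE:63 (Apple)
Nmap scan report for raspberrypi (192.168.3.199)
MAC Address: B8:27:EB:A9:1C:84 (Raspberry Pi Foundation)
Nmap scan report for 192.168.3.103
"""

MSF_UP = re.compile(r"^\[\*\] (\d+(?:\.\d+){3}) appears to be up", re.M)
# One nmap host block: report line, optional latency line, optional MAC line.
NMAP_HOST = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+(?:\.\d+){3})\)?\n"
                       r"(?:Host is up.*\n)?(?:MAC Address: (\S+) \((.*)\)\n)?", re.M)

def parse_msf_hosts(text):
    """IPs that arp_sweep reported as up."""
    return set(MSF_UP.findall(text))

def parse_nmap_hosts(text):
    """IP -> (hostname, mac, vendor); a field nmap did not print is ''."""
    return {ip: (name, mac, vendor) for name, ip, mac, vendor in NMAP_HOST.findall(text)}

def discovery_gaps(results):
    """For each method, the hosts some other method saw but this one missed."""
    union = set().union(*results.values())
    key = lambda ip: tuple(int(o) for o in ip.split("."))
    return {name: sorted(union - seen, key=key) for name, seen in results.items()}

def compare_page_scans():
    """Per-method miss lists for the three constructed runs above."""
    return discovery_gaps({"arp_sweep": parse_msf_hosts(ARP_SWEEP_OUT),
                           "nmap -sn": set(parse_nmap_hosts(NMAP_SN_OUT)),
                           "nmap -PU -sn": set(parse_nmap_hosts(NMAP_PU_SN_OUT))})
```

The scanning host's own entry (192.168.3.103) carries no MAC line in nmap's output, so its mac and vendor fields come back empty rather than breaking the parse.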
 

 
