Metasploit中不仅能够使用第三方扫描器Nmap等,在其辅助模块中也包含了几款内建的端口扫描器。

查看Metasploit框架提供的端口扫描工具:

msf > search portscan

Matching Modules
================

   Name                                              Disclosure Date  Rank    Description
   ----                                              ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator
   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner
   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner

 使用Metasploit的SYN端口扫描器对单个主机进行一次简单的扫描:

msf > use scanner/portscan/syn

  设定RHOST参数为192.168.119.132,线程数为50

RHOSTS => 192.168.119.132
msf  auxiliary(syn) > set THREADS 50
THREADS => 50
msf  auxiliary(syn) > run

[*]  TCP OPEN 192.168.119.132:80
[*]  TCP OPEN 192.168.119.132:135
[*]  TCP OPEN 192.168.119.132:139
[*]  TCP OPEN 192.168.119.132:1433
[*]  TCP OPEN 192.168.119.132:2383
[*]  TCP OPEN 192.168.119.132:3306
[*]  TCP OPEN 192.168.119.132:3389
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed