Kali penetration-testing tools
1. Metasploit-Framework
Metasploit is an open-source penetration-testing framework. To date, msf ships thousands of modules and testing tools covering publicly disclosed vulnerabilities. The modules are written in Ruby, so users can adapt them as needed or even load test modules they wrote themselves. After selecting the attack module you need, a few simple commands to set some parameters are enough to test and exploit a single vulnerability, which makes the penetration process automated and simple.
Metasploit uses a PostgreSQL database. The state of the PostgreSQL database does not affect whether Metasploit runs; the database stores the results of the user's work against the targets, such as ports and credential information. Without a database connection, everything msf records is transient: all information about the targets gathered before a restart is gone once msf is restarted.
msf has seven core module types, each with its own role:
- Payloads (payload modules): this type provides a set of attack payloads used to execute code on the target machine after a successful attack. Some of these payloads give the attacker full control of the operating system.
- Exploits (exploit modules): this type contains a large number of exploits that take advantage of common vulnerabilities, such as buffer overflows in the operating system or SQL injection flaws, and use them to attack the target machine.
- Auxiliary (auxiliary modules): this type contains many helper tools that perform attack-related but non-attacking tasks, such as scanning the network, collecting operating-system information and bypassing defensive mechanisms.
- Encoders (encoder modules): this type contains encoding/encryption tools used to encode Metasploit's malicious code so that it bypasses certain defensive mechanisms, for example antivirus detection.
- Nops (no-op modules): this type contains no-operation code that can be added to an attack payload; the author's stated purpose is to keep the payload from being truncated when its length is not a multiple of 4.
- Post (post-exploitation modules): this type provides tools for actions after the compromise; it lets the attacker, once a target computer has been compromised, carry out large-scale system and application scans, search for sensitive data, perform further attacks and so on.
- Shellcodes (shellcode modules): this type contains various pieces of shellcode that perform some action inside a process's memory space, such as opening a listening port (bind shell) or running a program. Its purpose is similar to that of shellcode development tools.
To see which concrete modules each core type contains, for example to look through the exploit modules:
msf6 > search exploits
Start the PostgreSQL database
# service postgresql start
Initialize the database
# msfdb init
[i] Database already started
[+] Creating database user 'msf'
[+] Creating databases 'msf'
[+] Creating databases 'msf_test'
[+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml'
[+] Creating initial database schema
Start the msf console
# msfconsole
(msfconsole ASCII-art banner, mangled by extraction; it carries the link https://metasploit.com)
=[ metasploit v6.3.25-dev ]
+ -- --=[ 2332 exploits - 1219 auxiliary - 413 post ]
+ -- --=[ 1385 payloads - 46 encoders - 11 nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: Start commands with a space to avoid saving
them to history
Metasploit Documentation: https://docs.metasploit.com/
Check the database connection status
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
Create a workspace
msf6 > workspace -a msftest
Information-gathering scan
msf6 > db_nmap 192.168.203.1-10
## IP information of the hosts found by the scan
msf6 > hosts
## service information of the hosts found by the scan
msf6 > services
SSH version probe module
## use the auxiliary/scanner/ssh/ssh_version module
msf6 > use auxiliary/scanner/ssh/ssh_version
## show the module's options
msf6 auxiliary(scanner/ssh/ssh_version) > options
## list the service records: -u shows only open services, -p 22 limits them to port 22, -R puts the matching hosts into the RHOSTS variable
msf6 auxiliary(scanner/ssh/ssh_version) > services -u -p 22 -R
## setg sets a global variable
msf6 auxiliary(scanner/ssh/ssh_version) > setg threads 3
## run the module
msf6 auxiliary(scanner/ssh/ssh_version) > run
HTTP version probe module
msf6 auxiliary(scanner/ssh/ssh_version) > use auxiliary/scanner/http/http_version
msf6 auxiliary(scanner/http/http_version) > services -u -p 80 -R
msf6 auxiliary(scanner/http/http_version) > options
msf6 auxiliary(scanner/http/http_version) > run
SMB version probe module
msf6 auxiliary(scanner/http/http_version) > use auxiliary/scanner/smb/smb_version
msf6 auxiliary(scanner/smb/smb_version) > services -u -p 445 -R
msf6 auxiliary(scanner/smb/smb_version) > run
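The `services -u -p <port> -R` step used three times above does two things at once: it filters the stored service records and then turns the surviving hosts into a RHOSTS value. The following Python example, added here and not code from the page or from the Metasploit project, makes that filtering explicit by parsing a constructed sample of the table that `services` prints (the hosts, ports and banners in the sample are made up) and applying the same two filters, open state only and a single port. The assumption that `-R` joins the selected hosts with spaces into RHOSTS is mine, not something the page states.

```python
"""Parse the table printed by msfconsole's `services` command and mimic the
filters of `services -u -p <port> -R`.

Added example, not code from the page or from Metasploit.  SAMPLE_SERVICES is
CONSTRUCTED output in the layout msfconsole uses; all values are made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of what `msf6 > services` prints after a db_nmap run
SAMPLE_SERVICES = """\
Services
========

host            port  proto  name          state     info
----            ----  -----  ----          -----     ----
192.168.203.2   22    tcp    ssh           open      OpenSSH 8.4p1 Debian 5
192.168.203.2   80    tcp    http          open      Apache httpd 2.4.56
192.168.203.3   22    tcp    ssh           closed
192.168.203.3   445   tcp    microsoft-ds  open      Samba smbd 4.x
192.168.203.5   22    tcp    ssh           open      OpenSSH 7.9p1
192.168.203.7   22    tcp    ssh           filtered
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str
    state: str
    info: str


# A data row is: host, numeric port, tcp/udp, name, state, optional free-text info.
# The title, "====", header and "----" lines fail the numeric-port group and are skipped.
_ROW = re.compile(r"^(\S+)\s+(\d+)\s+(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_services(text: str) -> list[Service]:
    """Turn the `services` table into Service records, ignoring decoration lines."""
    rows: list[Service] = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        host, port, proto, name, state, info = m.groups()
        rows.append(Service(host, int(port), proto, name, state, (info or "").strip()))
    return rows


def select_hosts(services: list[Service], port: int | None = None,
                 open_only: bool = False) -> list[str]:
    """Apply the -p (port) and -u (open only) filters; keep first-seen host order."""
    hosts: list[str] = []
    for s in services:
        if open_only and s.state != "open":
            continue
        if port is not None and s.port != port:
            continue
        if s.host not in hosts:          # one entry per host, like -R does
            hosts.append(s.host)
    return hosts


def rhosts_value(hosts: list[str]) -> str:
    """ASSUMPTION: -R stores the hosts as a space-separated RHOSTS string."""
    return " ".join(hosts)


if __name__ == "__main__":
    records = parse_services(SAMPLE_SERVICES)
    for port in (22, 80, 445):
        chosen = select_hosts(records, port=port, open_only=True)
        print(f"services -u -p {port} -R  ->  RHOSTS => {rhosts_value(chosen)}")
```

Running the module block prints one RHOSTS line per port; port 22 yields only the two hosts whose SSH service is `open`, while the `closed` and `filtered` rows are dropped exactly as `-u` drops them in msfconsole.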