Metasploit host scanning: port scanning with auxiliary modules
Port scanning with auxiliary modules
```
root@kali:~# msfconsole          # start msfconsole
...
msf5 > search portscan           # list the available port-scanning modules

Matching Modules
================

   #  Name                                              Disclosure Date  Rank    Check  Description
   -  ----                                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/http/wordpress_pingback_access                   normal  No     Wordpress Pingback Locator
   1  auxiliary/scanner/natpmp/natpmp_portscan                           normal  No     NAT-PMP External Port Scanner
   2  auxiliary/scanner/portscan/ack                                     normal  No     TCP ACK Firewall Scanner
   3  auxiliary/scanner/portscan/ftpbounce                               normal  No     FTP Bounce Port Scanner
   4  auxiliary/scanner/portscan/syn                                     normal  No     TCP SYN Port Scanner
   5  auxiliary/scanner/portscan/tcp                                     normal  No     TCP Port Scanner
   6  auxiliary/scanner/portscan/xmas                                    normal  No     TCP "XMas" Port Scanner
   7  auxiliary/scanner/sap/sap_router_portscanner                       normal  No     SAPRouter Port Scanner

msf5 > use auxiliary/scanner/portscan/tcp   # taking the TCP scan module as the example; "use" selects the module
msf5 auxiliary(scanner/portscan/tcp) > show options   # show the options that must be set

Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   DELAY        0                yes       The delay between connections, per thread, in milliseconds
   JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                        yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   THREADS      1                yes       The number of concurrent threads (max one per host)
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

msf5 auxiliary(scanner/portscan/tcp) > set RHOST 192.168.43.101   # set/unset assigns or clears an option value
RHOST => 192.168.43.101
msf5 auxiliary(scanner/portscan/tcp) > set PORTS 1-1000
PORTS => 1-1000
msf5 auxiliary(scanner/portscan/tcp) > set THREADS 20
THREADS => 20
msf5 auxiliary(scanner/portscan/tcp) > show options

Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   DELAY        0                yes       The delay between connections, per thread, in milliseconds
   JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS        1-1000           yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS       192.168.43.101   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   THREADS      20               yes       The number of concurrent threads (max one per host)
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds

msf5 auxiliary(scanner/portscan/tcp) > run   # run it; the output shows that ports 139 and 135 are open on the target
[+] 192.168.43.101:       - 192.168.43.101:139 - TCP OPEN
[+] 192.168.43.101:       - 192.168.43.101:135 - TCP OPEN
[*] 192.168.43.101:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
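The tcp module above is a full-connect scanner: every probed port either completes a TCP handshake or receives a RST, so the sweep is visible to any host firewall or flow log on the target side. The following script, an added example that is not part of the original post or of Metasploit, flags that pattern in a constructed connection log (the log format, the source addresses and the detection threshold are all assumptions made up for the example): a single source touching many distinct ports of one host inside a short window, as a 20-thread scan with DELAY 0 would.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption for this example, not a real firewall or
# Metasploit format): "<ISO timestamp> <src ip> <dst ip>:<dst port> <OPEN|RST>",
# OPEN meaning the handshake completed and RST meaning the port was closed.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (OPEN|RST)$")

def build_sample_log():
    """Constructed sample: 192.168.43.50 sweeps ports 1-200 of 192.168.43.101 in a
    burst (135 and 139 open, as in the scan above), while 192.168.43.60 makes a few
    ordinary connections to port 139 spread over several minutes."""
    base = datetime(2020, 1, 1, 10, 0, 0)
    lines = []
    for port in range(1, 201):
        ts = base + timedelta(milliseconds=25 * port)  # many threads, no DELAY
        outcome = "OPEN" if port in (135, 139) else "RST"
        lines.append(f"{ts.isoformat()} 192.168.43.50 192.168.43.101:{port} {outcome}")
    for minute in range(5):
        ts = base + timedelta(minutes=minute)
        lines.append(f"{ts.isoformat()} 192.168.43.60 192.168.43.101:139 OPEN")
    return lines

def detect_connect_scans(lines, window=timedelta(seconds=10), threshold=20):
    """Return {src: {dst: max distinct ports}} for every source that touched at
    least `threshold` distinct ports of one host within `window`. Closed ports
    count too: a connect scan leaves a RST for every closed port it probes."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts, src, dst, port, _ = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
    alerts = defaultdict(dict)
    for (src, dst), evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _) in enumerate(evs):
            while evs[start][0] < ts - window:  # slide the window forward
                start += 1
            distinct = len({p for _, p in evs[start:end + 1]})
            if distinct >= threshold:
                alerts[src][dst] = max(alerts[src].get(dst, 0), distinct)
    return dict(alerts)

if __name__ == "__main__":
    for src, targets in detect_connect_scans(build_sample_log()).items():
        for dst, n in targets.items():
            print(f"possible TCP connect scan: {src} -> {dst}, {n} distinct ports")
```

Raising DELAY and JITTER in the module spreads the probes out, which is exactly what a window-based threshold like this one misses, so the window length and threshold have to be tuned against the traffic a given host normally sees.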