Metasploit中不仅能够使用第三方扫描器Nmap等,在其辅助模块中也包含了几款内建的端口扫描器。
查看Metasploit框架提供的端口扫描工具:
msf > search portscan Matching Modules
================ Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator
auxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner
auxiliary/scanner/portscan/ack normal TCP ACK Firewall Scanner
auxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port Scanner
auxiliary/scanner/portscan/syn normal TCP SYN Port Scanner
auxiliary/scanner/portscan/tcp normal TCP Port Scanner
auxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scanner
使用Metasploit的SYN端口扫描器对单个主机进行一次简单的扫描:
msf > use scanner/portscan/syn
设定RHOST参数为192.168.119.132,线程数为50
RHOSTS => 192.168.119.132
msf auxiliary(syn) > set THREADS 50
THREADS => 50
msf auxiliary(syn) > run [*] TCP OPEN 192.168.119.132:80
[*] TCP OPEN 192.168.119.132:135
[*] TCP OPEN 192.168.119.132:139
[*] TCP OPEN 192.168.119.132:1433
[*] TCP OPEN 192.168.119.132:2383
[*] TCP OPEN 192.168.119.132:3306
[*] TCP OPEN 192.168.119.132:3389
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed