TCP Port Scanner

We can start by doing a basic TCP port scan with the TCP Port Scanner auxiliary module and see what we can find.

Since the TCP Port Scanner auxiliary module does not need administrative privileges on the source machine, it can be extremely useful when pivoting.

Scanners and most other auxiliary modules use the RHOSTS option instead of RHOST.

To run the TCP Port Scanner auxiliary module, we need to set RHOSTS to the target range of our lab, 192.168.216.0/24, and set the number of concurrent threads to 100 to speed up the scan:

msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 192.168.216.0/24
RHOSTS => 192.168.216.0/24
msf auxiliary(tcp) > set THREADS 100
THREADS => 100
msf auxiliary(tcp) > run

[+] 192.168.216.5: - 192.168.216.5:22 - TCP OPEN
[+] 192.168.216.10: - 192.168.216.10:22 - TCP OPEN
[+] 192.168.216.10: - 192.168.216.10:139 - TCP OPEN
[+] 192.168.216.10: - 192.168.216.10:135 - TCP OPEN
...

[+] 192.168.216.10: - 192.168.216.10:9300 - TCP OPEN
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
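
Because the module makes ordinary TCP connections, a sweep like the one above appears in connection logs as one source reaching many distinct host:port pairs in a short time. The following sketch is an added example, not part of the original text or of Metasploit; the log format, the source addresses 192.168.216.50 and 192.168.216.77, and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption): "<ISO time> SRC=<ip> DST=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def detect_connect_scans(lines, window_s=5, min_targets=20):
    """Map each source to its peak count of distinct (dst, port) pairs inside
    any window_s-second span, keeping only sources that reach min_targets."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not parse are skipped
            events.append((datetime.fromisoformat(m[1]), m[2], (m[3], int(m[4]))))
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> (time, target) pairs still in the window
    peak = defaultdict(int)
    for ts, src, target in sorted(events):
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:
            q.popleft()
        peak[src] = max(peak[src], len({t for _, t in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

def sample_log():
    """Constructed sample: one sweeping source, one ordinary client, one bad line."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines, i = [], 0
    for host in range(1, 41):        # 40 hosts x 2 ports, 25 ms apart
        for port in (22, 445):
            ts = base + timedelta(milliseconds=25 * i)
            lines.append(f"{ts.isoformat()} SRC=192.168.216.50 "
                         f"DST=192.168.216.{host} DPT={port}")
            i += 1
    for n in range(40):              # busy client, always the same server and port
        ts = base + timedelta(milliseconds=50 * n)
        lines.append(f"{ts.isoformat()} SRC=192.168.216.77 DST=192.168.216.10 DPT=445")
    lines.append("truncated log line")
    return lines

if __name__ == "__main__":
    for src, n in detect_connect_scans(sample_log()).items():
        print(f"{src}: {n} distinct host:port targets within 5 s")
```

Counting distinct targets rather than raw connections is what keeps the busy client, which makes as many connections as a small sweep but always to the same server and port, out of the result.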

When using Metasploit modules, you can check the available options for that specific module using the show options command and use the show missing command to show the missing values required by the module:

msf auxiliary(tcp) > show missing 

Module options (auxiliary/scanner/portscan/tcp):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS                   yes       The target address range or CIDR identifier