- To enumerate systems using ARP in Metasploit, you can use the ARP Sweep Local Network Discovery auxiliary module. You just need to set the target address range in RHOSTS, set the number of concurrent threads, and run the module:
```
msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > set RHOSTS 192.168.216.0/24
RHOSTS => 192.168.216.0/24
msf auxiliary(arp_sweep) > set THREADS 256
THREADS => 256
msf auxiliary(arp_sweep) > run
[+] 192.168.216.1 appears to be up (VMware, Inc.).
[+] 192.168.216.2 appears to be up (VMware, Inc.).
[+] 192.168.216.10 appears to be up (VMware, Inc.).
[+] 192.168.216.129 appears to be up (VMware, Inc.).
[+] 192.168.216.254 appears to be up (VMware, Inc.).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(arp_sweep) >
```
- If the database is enabled, the results will be stored in the Metasploit database. To display the discovered hosts, use the hosts command:
```
msf auxiliary(arp_sweep) > hosts
Hosts
=====
address          mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------          ---                ----  -------  ---------  -----  -------  ----  --------
192.168.216.1    00:50:56:c0:00:08
192.168.216.2    00:50:56:e3:fd:60
192.168.216.10   00:0c:29:38:b3:a9
192.168.216.129  00:0c:29:79:a6:61
192.168.216.254  00:50:56:fe:6a:62
msf auxiliary(arp_sweep) >
```
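On the monitored segment, the sweep shown above appears as a single sender issuing ARP who-has requests for every address in the /24 within a short burst. The following is an added example, not code from the original page or from Metasploit, that parses ARP payloads and flags that pattern. The MAC addresses, sender IPs, threshold and window are constructed assumptions.

```python
import ipaddress
import struct
from collections import defaultdict, deque

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet/IPv4
ARP_REQUEST = 1

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(ipaddress.IPv4Address(spa)), str(ipaddress.IPv4Address(tpa))

def detect_sweeps(events, threshold=50, window=5.0):
    """Flag sender MACs that request >= threshold distinct IPs within window seconds."""
    recent = defaultdict(deque)  # sender MAC -> (timestamp, target IP) inside the window
    alerts = {}                  # sender MAC -> (time of first alert, distinct targets seen)
    for ts, payload in events:   # events must be in time order
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != ARP_REQUEST:
            continue
        _, mac, _spa, tpa = parsed
        q = recent[mac]
        q.append((ts, tpa))
        while q and ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({ip for _, ip in q})
        if distinct >= threshold and mac not in alerts:
            alerts[mac] = (ts, distinct)
    return alerts

def make_request(mac, spa, tpa):
    """Build a constructed ARP who-has payload (sample data, not a capture)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                       bytes.fromhex(mac.replace(":", "")), ipaddress.IPv4Address(spa).packed,
                       b"\x00" * 6, ipaddress.IPv4Address(tpa).packed)

def sample_events():
    # Constructed traffic: one host sweeping the /24, one host resolving its gateway.
    sweep = [(10.0 + i * 0.004, make_request("02:00:00:00:00:aa", "192.168.216.50",
              f"192.168.216.{i}")) for i in range(256)]
    normal = [(float(t), make_request("02:00:00:00:00:bb", "192.168.216.60", "192.168.216.1"))
              for t in range(0, 30, 3)]
    return sorted(sweep + normal, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_sweeps(sample_events()))
```

The threshold and window need tuning per segment, since DHCP servers, monitoring systems and some routers legitimately resolve many addresses in a short time.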