Metasploit scanning

Some quick notes :)

Importing from nmap (ol skul)
  • db_status (make sure that your postgres is connected)
  • hosts (it should be empty)
  • nmap -sT -P0 -O --open -oX 10.1.87-range.xml (on the command line)
  • db_import /root/10.1.87-range.xml (or you can cd and ls to find the exact location and filename from your msf> console)
  • hosts (you should be able to see the hosts nmap has found)
  • services (it will show you the open ports on the found systems)
  • services -s ssh (break it down using the service name)
  • services -p 22 (break it down using the port number)
  • services -p 22 -R (When attacking multiple hosts or enumerating try this to load all the matching hosts to your RHOST option automagically)
  • hosts -d (to clear all imported hosts)
Using nmap through msfconsole (for the itchy junkie)
  • db_nmap -sT -P0 -O --open 
  • hosts (the itch stops)
The extra-quick way (usually == sloppy)
  • search portscan
  • use auxiliary/scanner/portscan/tcp 
  • set rhosts 
  • set threads 100 
  • set ports 445 80 21-25 110 139 143 8080 9090 8443 443 135 3389
  • run

to be continued...

Popular Posts