弱点扫描
根据信息收集结果搜索漏洞利用模块
结合外部漏洞扫描系统对大IP地址段进行批量扫描
可以考虑对单个ip,单个服务进行扫描
NVC 密码破解
端口:5900
use auxiliary/scanner/vnc/vcn_login
VNC 无密码访问
use auxiliary/scanner/vnc/vnc_none__auth
-supported:None,free access1
RDP远程桌面漏洞
端口:3389
use auxiliary/scanner/rdp/ms12_020_check
检查不会造成dos攻击
设备后门
use auxiliary/scanner/ssh/juniper_backdoor
use auxiliary/scanner/ssh/fortinet_backdoor
VMWare ESXI 密码破解
use auxiliary/scanner/vmware/vmauthd_login 爆破
use auxiliary/scanner/vmware/vmware_enum_vms 枚举虚拟机
利用WEB API 远程开启虚拟机
use auxiliary/admin/vmware/poweron_vm
HTTP弱点扫描
过期证书:use auxiliary/scanner/http/cert
显示目录及文件
use auxiliary/scanner/http/dir_listing
use auxiliary/scanner/http/fies_dir
WebDAV Unicode 编码身份验证绕过
use auxiliary/scanner/http/dir_Webday_unicode_bypass
Tomcat 管理登录
use auxiliary/scanner/http/tomcat_mgr_login
基于HTTP方法的身份验证绕过
use auxiliary/scanner/http/verb_auth_bypass
Wordpress密码爆破(个人博客,个人站点破解)
use auxiliary/scanner/http/wordpress_login_enum
set URI/wordpress/wp-login.php