Metasploit中不仅能够使用第三方扫描器Nmap等,在其辅助模块中也包含了几款内建的端口扫描器。
查看Metasploit框架提供的端口扫描工具:
msf > search portscan Matching Modules ================ Name Disclosure Date Rank Description ---- --------------- ---- ----------- auxiliary/scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator auxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner auxiliary/scanner/portscan/ack normal TCP ACK Firewall Scanner auxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port Scanner auxiliary/scanner/portscan/syn normal TCP SYN Port Scanner auxiliary/scanner/portscan/tcp normal TCP Port Scanner auxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scanner
使用Metasploit的SYN端口扫描器对单个主机进行一次简单的扫描:
msf > use scanner/portscan/syn
设定RHOST参数为192.168.119.132,线程数为50
RHOSTS => 192.168.119.132 msf auxiliary(syn) > set THREADS 50 THREADS => 50 msf auxiliary(syn) > run [*] TCP OPEN 192.168.119.132:80 [*] TCP OPEN 192.168.119.132:135 [*] TCP OPEN 192.168.119.132:139 [*] TCP OPEN 192.168.119.132:1433 [*] TCP OPEN 192.168.119.132:2383 [*] TCP OPEN 192.168.119.132:3306 [*] TCP OPEN 192.168.119.132:3389 [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed