Metasploit中不仅能够使用第三方扫描器Nmap等,在其辅助模块中也包含了几款内建的端口扫描器。
查看Metasploit框架提供的端口扫描工具:
msf > search portscanMatching Modules================ Name Disclosure Date Rank Description ---- --------------- ---- ----------- auxiliary/scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator auxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner auxiliary/scanner/portscan/ack normal TCP ACK Firewall Scanner auxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port Scanner auxiliary/scanner/portscan/syn normal TCP SYN Port Scanner auxiliary/scanner/portscan/tcp normal TCP Port Scanner auxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scanner
使用Metasploit的SYN端口扫描器对单个主机进行一次简单的扫描:
msf > use scanner/portscan/syn
设定RHOST参数为192.168.119.132,线程数为50
RHOSTS => 192.168.119.132msf auxiliary(syn) > set THREADS 50THREADS => 50msf auxiliary(syn) > run[*] TCP OPEN 192.168.119.132:80[*] TCP OPEN 192.168.119.132:135[*] TCP OPEN 192.168.119.132:139[*] TCP OPEN 192.168.119.132:1433[*] TCP OPEN 192.168.119.132:2383[*] TCP OPEN 192.168.119.132:3306[*] TCP OPEN 192.168.119.132:3389[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completed