![]() ![]() Here we’ll load up the ‘tcp’ scanner and we’ll use it against another target. Scanned 256 of 256 hosts (100% complete) TIMEOUT 500 yes The reply read timeout in milliseconds THREADS 1 yes The number of concurrent threads SNAPLEN 65535 yes The number of bytes to capture RHOSTS yes The target address range or CIDR identifier JITTER 0 yes The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds. Name Current Setting Required DescriptionīATCHSIZE 256 yes The number of hosts to scan per setĭELAY 0 yes The delay between connections, per thread, in milliseconds Module options (auxiliary/scanner/portscan/syn): The Nmap scan we ran earlier was a SYN scan so we’ll run the same scan across the subnet looking for port 80 through our eth0 interface, using Metasploit. msf > cat subnet_1.gnmap | grep 80/open | awk '' ![]() First, let’s determine what hosts had port 80 open according to Nmap. msf > search portscanĪuxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port ScannerĪuxiliary/scanner/portscan/ack normal TCP ACK Firewall ScannerĪuxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port ScannerĪuxiliary/scanner/portscan/syn normal TCP SYN Port ScannerĪuxiliary/scanner/portscan/tcp normal TCP Port ScannerĪuxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scannerįor the sake of comparison, we’ll compare our Nmap scan results for port 80 with a Metasploit scanning module. In addition to running Nmap, there are a variety of other port scanners that are available to us within the framework. Nmap done: 256 IP addresses (16 hosts up) scanned in 499.41 seconds The example below would then be db_nmap -v -sV 192.168.1.0/24. If we wished for our scan to be saved to our database, we would omit the output flag and use db_nmap. Run Nmap with the options you would normally use from the command line. So we can run the Nmap scan using the -oA flag followed by the desired filename to generate the three output files, then issue the db_import command to populate the Metasploit database. It is always nice to have all three Nmap outputs (xml, grepable, and normal). However, if you also wish to import the scan results into another application or framework later on, you will likely want to export the scan results in XML format. We can use the db_nmap command to run Nmap against our targets and our scan results would than be stored automatically in our database.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |