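!!! These notes are for study and discussion only; do not use them for any other purpose !!!
Metasploit's built-in scanning modules:
arp_sweep module:
Path: auxiliary/scanner/discovery/arp_sweep
Note: the module scans with ARP, so it can quickly find live hosts on the same network segment; it is best to configure the source address and IP.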
msf > search arp_sweep

Matching Modules
================

   Name                                   Disclosure Date  Rank    Description
   ----                                   ---------------  ----    -----------
   auxiliary/scanner/discovery/arp_sweep                   normal  ARP Sweep Local Network Discovery

msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > show options

Module options (auxiliary/scanner/discovery/arp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target address range or CIDR identifier
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    5                yes       The number of seconds to wait for new data

msf auxiliary(arp_sweep) > set RHOSTS 10.10.10.0-10.10.10.255
RHOSTS => 10.10.10.0-10.10.10.255
msf auxiliary(arp_sweep) > set THREADS 50
THREADS => 50
msf auxiliary(arp_sweep) > exploit
。。。。。
。。。。。
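On the monitored segment, an ARP sweep like the one above shows up as a single sender issuing who-has requests for many different addresses within a few seconds. The Python sketch below is an added example, not part of the original notes: it flags that pattern in tcpdump-style ARP request lines. The line format, the sample capture, the threshold and the window are all constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump-style ARP request line (format assumed for this example)
ARP_REQ = re.compile(
    r"^(?P<ts>\d+\.\d+) ARP, Request who-has (?P<target>\d+(?:\.\d+){3}) "
    r"tell (?P<sender>\d+(?:\.\d+){3}),")

def find_arp_sweepers(lines, min_targets=20, window=5.0):
    """Return {sender: peak number of distinct targets requested within
    `window` seconds} for senders whose peak reaches `min_targets`."""
    events = defaultdict(list)
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if m:  # non-ARP or malformed lines are ignored
            events[m["sender"]].append((float(m["ts"]), m["target"]))
    flagged = {}
    for sender, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # target -> requests inside the window
        best = start = 0
        for ts, target in evs:
            in_window[target] += 1
            # Drop requests that fell out of the sliding window.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            flagged[sender] = best
    return flagged

def sample_capture():
    """Constructed sample: one sweep, one normal host, one slow talker."""
    t0 = 1700000000
    fmt = "{:.6f} ARP, Request who-has 10.10.10.{} tell 10.10.10.{}, length 28"
    lines = [fmt.format(t0 + i * 0.02, i, 128) for i in range(1, 61)]   # sweep
    lines += [fmt.format(t0 + i, 1, 20) for i in range(5)]       # gateway lookups
    lines += [fmt.format(t0 + i * 10, 100 + i, 30) for i in range(25)]  # slow
    return lines

if __name__ == "__main__":
    print(find_arp_sweepers(sample_capture()))
```

The slow talker in the sample touches 25 addresses but never more than one per window, so only the burst from 10.10.10.128 is reported.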
udp_sweep module:
Path: auxiliary/scanner/discovery/udp_sweep
msf> search udp_sweep

Matching Modules
================

   Name                                   Disclosure Date  Rank    Description
   ----                                   ---------------  ----    -----------
   auxiliary/scanner/discovery/udp_sweep                   normal  UDP Service Sweeper

msf> use auxiliary/scanner/discovery/udp_sweep
msf auxiliary(udp_sweep) > show options

Module options (auxiliary/scanner/discovery/udp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   CHOST                       no        The local client address
   RHOSTS                      yes       The target address range or CIDR identifier
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(udp_sweep) > set RHOSTS 10.10.10.0-10.10.10.255
RHOSTS => 10.10.10.0-10.10.10.255
msf auxiliary(udp_sweep) > set THREADS 50
THREADS => 50
msf auxiliary(udp_sweep) > exploit
。。。。。
。。。。。
udp_probe module:
Path: auxiliary/scanner/discovery/udp_probe
。。。。。
。。。。。
The nmap tool:
Ping-style scan with Nmap:
Purpose: sends ping probes to discover hosts; the probes may be blocked by a firewall.
nmap -sn 10.10.10.0-255
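UDP-style scan with Nmap:
Purpose: sends UDP packets to discover hosts, similar to the udp_sweep module.
nmap -PU -sn 10.10.10.0-255 # -PU: probe using UDP; -sn: discover hosts only, without scanning ports, which speeds up the scan.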
Reference:
http://www.offensive-security.com/metasploit-unleashed/Scanner_Discovery_Auxiliary_Modules