Kali linux 2016.2(Rolling)中metasploit的端口扫描

  1. 云栖社区>
  2. 博客>
  3. 正文

Kali linux 2016.2(Rolling)中metasploit的端口扫描

技术小哥哥 2017-11-06 11:55:00 浏览1077
展开阅读全文

  目前常见的端口扫描技术一般有如下几类: TCP  Connect、TCP SYN、TCP ACK、TCP FIN。

 

 

 

Metasploit中的端口扫描器

  Metasploit的辅助模块中提供了几款实用的端口扫描器。可以输入search portscan命令找到相关的端口扫描器。如下

复制代码
root@kali:~# msfconsole
......



msf > search portscan

Matching Modules
================

   Name                                              Disclosure Date  Rank    Description
   ----                                              ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator
   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner
   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner
   auxiliary/scanner/sap/sap_router_portscanner                       normal  SAPRouter Port Scanner


msf > 
复制代码

 

 

 

 

 

 

 

 

 Metasploit中ack扫描模块的使用过程

 

复制代码
msf > use auxiliary/scanner/portscan/ack    
msf auxiliary(ack) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(ack) > set THREADS 20
THREADS => 20
msf auxiliary(ack) > run
复制代码

 

 

 

 

 

 

 

 

 

Metasploit中ftpbounce扫描模块的使用过程

 

复制代码
msf > use auxiliary/scanner/portscan/ftpbounce
msf auxiliary(ftpbounce) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(ftpbounce) > set THREADS 20
THREADS => 20
msf auxiliary(ftpbounce) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: BOUNCEHOST.
msf auxiliary(ftpbounce) > 
复制代码

 

 

 

 

 

Metasploit中tcp扫描模块的使用过程

 

复制代码
msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(tcp) > set THREADS 20
THREADS => 20
msf auxiliary(tcp) > run

[*] 202.193.58.13:        - 202.193.58.13:25 - TCP OPEN
[*] 202.193.58.13:        - 202.193.58.13:22 - TCP OPEN
[*] 202.193.58.13:        - 202.193.58.13:21 - TCP OPEN
[*] 202.193.58.13:        - 202.193.58.13:23 - TCP OPEN
复制代码

 

 

 

 

 

Metasploit中xmas扫描模块的使用过程

 

复制代码
msf > use auxiliary/scanner/portscan/xmas
msf auxiliary(xmas) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(xmas) > set THREADS 20
THREADS => 20
msf auxiliary(xmas) > run

[*]  TCP OPEN|FILTERED 202.193.58.13:1
[*]  TCP OPEN|FILTERED 202.193.58.13:2
[*]  TCP OPEN|FILTERED 202.193.58.13:3
[*]  TCP OPEN|FILTERED 202.193.58.13:4
[*]  TCP OPEN|FILTERED 202.193.58.13:5
[*]  TCP OPEN|FILTERED 202.193.58.13:6
[*]  TCP OPEN|FILTERED 202.193.58.13:7
[*]  TCP OPEN|FILTERED 202.193.58.13:8
[*]  TCP OPEN|FILTERED 202.193.58.13:9
[*]  TCP OPEN|FILTERED 202.193.58.13:10
[*]  TCP OPEN|FILTERED 202.193.58.13:11
[*]  TCP OPEN|FILTERED 202.193.58.13:12
[*]  TCP OPEN|FILTERED 202.193.58.13:13
[*]  TCP OPEN|FILTERED 202.193.58.13:14
[*]  TCP OPEN|FILTERED 202.193.58.13:15
[*]  TCP OPEN|FILTERED 202.193.58.13:16
[*]  TCP OPEN|FILTERED 202.193.58.13:17
[*]  TCP OPEN|FILTERED 202.193.58.13:18
[*]  TCP OPEN|FILTERED 202.193.58.13:19
[*]  TCP OPEN|FILTERED 202.193.58.13:20
[*]  TCP OPEN|FILTERED 202.193.58.13:21
[*]  TCP OPEN|FILTERED 202.193.58.13:22
[*]  TCP OPEN|FILTERED 202.193.58.13:23
[*]  TCP OPEN|FILTERED 202.193.58.13:24
[*]  TCP OPEN|FILTERED 202.193.58.13:25
[*]  TCP OPEN|FILTERED 202.193.58.13:26
[*]  TCP OPEN|FILTERED 202.193.58.13:27
[*]  TCP OPEN|FILTERED 202.193.58.13:28
[*]  TCP OPEN|FILTERED 202.193.58.13:29
[*]  TCP OPEN|FILTERED 202.193.58.13:30
[*]  TCP OPEN|FILTERED 202.193.58.13:31
[*]  TCP OPEN|FILTERED 202.193.58.13:32
[*]  TCP OPEN|FILTERED 202.193.58.13:33
[*]  TCP OPEN|FILTERED 202.193.58.13:34
[*]  TCP OPEN|FILTERED 202.193.58.13:35
[*]  TCP OPEN|FILTERED 202.193.58.13:36
[*]  TCP OPEN|FILTERED 202.193.58.13:37
[*]  TCP OPEN|FILTERED 202.193.58.13:38
[*]  TCP OPEN|FILTERED 202.193.58.13:39
[*]  TCP OPEN|FILTERED 202.193.58.13:40
[*]  TCP OPEN|FILTERED 202.193.58.13:41
[*]  TCP OPEN|FILTERED 202.193.58.13:42
[*]  TCP OPEN|FILTERED 202.193.58.13:43
[*]  TCP OPEN|FILTERED 202.193.58.13:44
[*]  TCP OPEN|FILTERED 202.193.58.13:45
[*]  TCP OPEN|FILTERED 202.193.58.13:46
[*]  TCP OPEN|FILTERED 202.193.58.13:47
[*]  TCP OPEN|FILTERED 202.193.58.13:48
[*]  TCP OPEN|FILTERED 202.193.58.13:49
复制代码

 

 

 

 

 

 

 

Metasploit中syn扫描模块的使用过程

  在一般的情况下,推荐使用syn端口扫描器,因为它的扫描速度较快、结果准确切不容易被对方察觉。下面是针对网关服务器(Ubuntu Metasploitable)主机的扫描结果,可以看出与Nmap的扫描结果基本一致。如下。

 

复制代码
msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(syn) > set THREADS 20
THREADS => 20
msf auxiliary(syn) > run

[*]  TCP OPEN 202.193.58.13:21
[*]  TCP OPEN 202.193.58.13:22
[*]  TCP OPEN 202.193.58.13:23
[*]  TCP OPEN 202.193.58.13:25
[*]  TCP OPEN 202.193.58.13:53
[*]  TCP OPEN 202.193.58.13:80
[*]  TCP OPEN 202.193.58.13:111
[*]  TCP OPEN 202.193.58.13:139
[*]  TCP OPEN 202.193.58.13:445
[*]  TCP OPEN 202.193.58.13:512
[*]  TCP OPEN 202.193.58.13:513
复制代码

 

 

 

   当然,大家也可以拿下面的主机来扫描

 

 

 

 

 

 

 

Metasploit中sap_router_portscanner扫描模块的使用过程

复制代码
msf > use  auxiliary/scanner/sap/sap_router_portscanner
msf auxiliary(sap_router_portscanner) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(sap_router_portscanner) > set THREADS 20
THREADS => 20
msf auxiliary(sap_router_portscanner) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOST, TARGETS.
msf auxiliary(sap_router_portscanner) > 
复制代码

 





 

 

 

 

 

 

 

 

 

 

Metasploit中也可以使用namp

常用nmap扫描类型参数:

  -sT:TCP connect扫描

  -sS:TCP syn扫描

  -sF/-sX/-sN:通过发送一些标志位以避开设备或软件的检测

  -sP:ICMP扫描

  -sU:探测目标主机开放了哪些UDP端口

  -sA:TCP ACk扫描

 

扫描选项:

  -Pn:在扫描之前,不发送ICMP echo请求测试目标是否活跃

  -O:辨识操作系统等信息

  -F:快速扫描模式

  -p<端口范围>:指定端口扫描范围

 

 

 

复制代码
msf auxiliary(syn) > nmap -sS -Pn 202.193.58.13
[*] exec: nmap -sS -Pn 202.193.58.13


Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:17 CST
Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
Host is up (0.0014s latency).
Not shown: 977 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
1099/tcp open  rmiregistry
1524/tcp open  ingreslock
2049/tcp open  nfs
2121/tcp open  ccproxy-ftp
3306/tcp open  mysql
5432/tcp open  postgresql
5900/tcp open  vnc
6000/tcp open  X11
6667/tcp open  irc
8009/tcp open  ajp13
8180/tcp open  unknown
MAC Address: 84:AD:58:82:49:5C (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.49 seconds
msf auxiliary(syn) >
复制代码

 

 

 

 

 

复制代码
msf auxiliary(syn) > nmap -sV -Pn 202.193.58.13
[*] exec: nmap -sV -Pn 202.193.58.13


Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:18 CST
Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
Host is up (0.0016s latency).
Not shown: 977 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           vsftpd 2.3.4
22/tcp   open  ssh           OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet        Linux telnetd
25/tcp   open  smtp          Postfix smtpd
53/tcp   open  domain?
80/tcp   open  http?
111/tcp  open  rpcbind?
139/tcp  open  netbios-ssn?
445/tcp  open  microsoft-ds?
512/tcp  open  exec          netkit-rsh rexecd
513/tcp  open  login?
514/tcp  open  shell         Netkit rshd
1099/tcp open  rmiregistry?
1524/tcp open  shell         Metasploitable root shell
2049/tcp open  nfs?
2121/tcp open  ccproxy-ftp?
3306/tcp open  mysql         MySQL 5.0.51a-3ubuntu5
5432/tcp open  postgresql?
5900/tcp open  vnc           VNC (protocol 3.3)
6000/tcp open  X11?
6667/tcp open  irc           Unreal ircd
8009/tcp open  ajp13?
8180/tcp open  unknown
MAC Address: 84:AD:58:82:49:5C (Unknown)
Service Info: Hosts:  metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.50 seconds
msf auxiliary(syn) > 
复制代码

 

 

 

   可以,与下面进行对比。

kali 2.0 linux中的Nmap的端口扫描功能

 

 

 

 

  当然,大家也可以拿下面的主机来扫描



本文转自大数据躺过的坑博客园博客,原文链接:http://www.cnblogs.com/zlslch/p/6869737.html,如需转载请自行联系原作者

网友评论

登录后评论
0/500
评论
技术小哥哥
+ 关注