目前常见的端口扫描技术一般有如下几类: TCP  Connect、TCP SYN、TCP ACK、TCP FIN。

Metasploit中的端口扫描器

  Metasploit的辅助模块中提供了几款实用的端口扫描器。可以输入search portscan命令找到相关的端口扫描器。如下

root@kali:~# msfconsole

......

msf > search portscan

Matching Modules

================

   Name                                              Disclosure Date  Rank    Description

   ----                                              ---------------  ----    -----------

   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator

   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner

   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner

   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner

   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner

   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner

   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner

   auxiliary/scanner/sap/sap_router_portscanner                       normal  SAPRouter Port Scanner

msf >

Metasploit中ack扫描模块的使用过程

msf > use auxiliary/scanner/portscan/ack

msf auxiliary(ack) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(ack) > set THREADS

THREADS =>

msf auxiliary(ack) > run

Metasploit中ftpbounce扫描模块的使用过程

msf > use auxiliary/scanner/portscan/ftpbounce

msf auxiliary(ftpbounce) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(ftpbounce) > set THREADS

THREADS =>

msf auxiliary(ftpbounce) > run

[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: BOUNCEHOST.

msf auxiliary(ftpbounce) >

Metasploit中tcp扫描模块的使用过程

msf > use auxiliary/scanner/portscan/tcp

msf auxiliary(tcp) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(tcp) > set THREADS

THREADS =>

msf auxiliary(tcp) > run

[*] 202.193.58.13:        - 202.193.58.13: - TCP OPEN

[*] 202.193.58.13:        - 202.193.58.13: - TCP OPEN

[*] 202.193.58.13:        - 202.193.58.13: - TCP OPEN

[*] 202.193.58.13:        - 202.193.58.13: - TCP OPEN

Metasploit中xmas扫描模块的使用过程

msf > use auxiliary/scanner/portscan/xmas

msf auxiliary(xmas) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(xmas) > set THREADS

THREADS =>

msf auxiliary(xmas) > run

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

[*]  TCP OPEN|FILTERED 202.193.58.13:

Metasploit中syn扫描模块的使用过程

  在一般的情况下,推荐使用syn端口扫描器,因为它的扫描速度较快、结果准确切不容易被对方察觉。下面是针对网关服务器(Ubuntu Metasploitable)主机的扫描结果,可以看出与Nmap的扫描结果基本一致。如下。

msf > use auxiliary/scanner/portscan/syn

msf auxiliary(syn) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(syn) > set THREADS 20

THREADS => 20

msf auxiliary(syn) > run

[*]  TCP OPEN 202.193.58.13:21

[*]  TCP OPEN 202.193.58.13:22

[*]  TCP OPEN 202.193.58.13:23

[*]  TCP OPEN 202.193.58.13:25

[*]  TCP OPEN 202.193.58.13:53

[*]  TCP OPEN 202.193.58.13:80

[*]  TCP OPEN 202.193.58.13:111

[*]  TCP OPEN 202.193.58.13:139

[*]  TCP OPEN 202.193.58.13:445

[*]  TCP OPEN 202.193.58.13:512

[*]  TCP OPEN 202.193.58.13:513

 

  当然,大家也可以拿下面的主机来扫描

Metasploit中sap_router_portscanner扫描模块的使用过程

msf > use  auxiliary/scanner/sap/sap_router_portscanner

msf auxiliary(sap_router_portscanner) > set RHOSTS 202.193.58.13

RHOSTS => 202.193.58.13

msf auxiliary(sap_router_portscanner) > set THREADS

THREADS =>

msf auxiliary(sap_router_portscanner) > run

[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOST, TARGETS.

msf auxiliary(sap_router_portscanner) > 


Metasploit中也可以使用namp


常用nmap扫描类型参数:


  -sT:TCP connect扫描


  -sS:TCP syn扫描


  -sF/-sX/-sN:通过发送一些标志位以避开设备或软件的检测


  -sP:ICMP扫描


  -sU:探测目标主机开放了哪些UDP端口


  -sA:TCP ACk扫描


扫描选项:


  -Pn:在扫描之前,不发送ICMP echo请求测试目标是否活跃


  -O:辨识操作系统等信息


  -F:快速扫描模式


  -p<端口范围>:指定端口扫描范围






msf auxiliary(syn) > nmap -sS -Pn 202.193.58.13

[*] exec: nmap -sS -Pn 202.193.58.13

Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:17 CST

Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)

Host is up (.0014s latency).

Not shown:  closed ports

PORT     STATE SERVICE

/tcp   open  ftp

/tcp   open  ssh

/tcp   open  telnet

/tcp   open  smtp

/tcp   open  domain

/tcp   open  http

/tcp  open  rpcbind

/tcp  open  netbios-ssn

/tcp  open  microsoft-ds

/tcp  open  exec

/tcp  open  login

/tcp  open  shell

/tcp open  rmiregistry

/tcp open  ingreslock

/tcp open  nfs

/tcp open  ccproxy-ftp

/tcp open  mysql

/tcp open  postgresql

/tcp open  vnc

/tcp open  X11

/tcp open  irc

/tcp open  ajp13

/tcp open  unknown

MAC Address: :AD::::5C (Unknown)

Nmap done:  IP address ( host up) scanned in 1.49 seconds

msf auxiliary(syn) >








msf auxiliary(syn) > nmap -sV -Pn 202.193.58.13

[*] exec: nmap -sV -Pn 202.193.58.13

Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-17 22:18 CST

Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)

Host is up (.0016s latency).

Not shown:  closed ports

PORT     STATE SERVICE       VERSION

/tcp   open  ftp           vsftpd 2.3.

/tcp   open  ssh           OpenSSH .7p1 Debian 8ubuntu1 (protocol 2.0)

/tcp   open  telnet        Linux telnetd

/tcp   open  smtp          Postfix smtpd

/tcp   open  domain?

/tcp   open  http?

/tcp  open  rpcbind?

/tcp  open  netbios-ssn?

/tcp  open  microsoft-ds?

/tcp  open  exec          netkit-rsh rexecd

/tcp  open  login?

/tcp  open  shell         Netkit rshd

/tcp open  rmiregistry?

/tcp open  shell         Metasploitable root shell

/tcp open  nfs?

/tcp open  ccproxy-ftp?

/tcp open  mysql         MySQL 5.0.51a-3ubuntu5

/tcp open  postgresql?

/tcp open  vnc           VNC (protocol 3.3)

/tcp open  X11?

/tcp open  irc           Unreal ircd

/tcp open  ajp13?

/tcp open  unknown

MAC Address: :AD::::5C (Unknown)

Service Info: Hosts:  metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done:  IP address ( host up) scanned in 22.50 seconds

msf auxiliary(syn) > 




  可以,与下面进行对比。


kali 2.0 linux中的Nmap的端口扫描功能


  当然,大家也可以拿下面的主机来扫描








												


											
Kali linux 2016.2(Rolling)中metasploit的端口扫描的更多相关文章
	

    
						
  1. MetaSploit攻击实例讲解------社会工程学set攻击(kali linux 2016.2(rolling))(详细)
		
    不多说,直接上干货! 首先,如果你是用的BT5,则set的配置文件是在 /pentest/exploits/set/set_config下. APACHE_SERVER=ONSELF_SIGNED_A ...
    
		
    2. 
						
  2. MetaSploit攻击实例讲解------Metasploit自动化攻击(包括kali linux 2016.2(rolling) 和 BT5)
		
    不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)里Metasploit连接(包括默认和自定义)的PostgreSQL数据库 Kali linux 2016.2(Ro ...
    
		
    3. 
						
  3. MetaSploit攻击实例讲解------终端下PostgreSQL数据库的使用(包括kali linux 2016.2(rolling)  和  BT5)
		
    不多说,直接上干货! 配置msf连接postgresql数据库 我这里是使用kali linux 2016.2(rolling)   用过的博友们都知道,已经预安装好了PostgreSQL. 1. p ...
    
		
    4. 
						
  4. MetaSploit攻击实例讲解------工具Meterpreter常用功能介绍(kali linux 2016.2(rolling))(详细)
		
    不多说,直接上干货! 说在前面的话 注意啦:Meterpreter的命令非常之多,本篇博客下面给出了所有,大家可以去看看.给出了详细的中文 由于篇幅原因,我只使用如下较常用的命令. 这篇博客,利用下面 ...
    
		
    5. 
								
  5. MetaSploit攻击实例讲解------攻击445端口漏洞(kali linux 2016.2(rolling))(详细)
		
    不多说,直接上干货! 大家,相信最近的这个事件,对于445端口已经是非常的小心了.勒索病毒 445端口是一个毁誉参半的端口,有了它我们可以在局域网中轻松访问各种共享文件夹或共享打印机,但也正是因为有了 ...
    
		
    6. 
						
  6. Kali linux 2016.2 的 plyload模块之meterpreter plyload详解
		
    不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)中的payloads模块详解 当利用成功后尝试运行一个进程,它将在系统进程列表里显示,即使在木马中尝试执行系统命令, ...
    
		
    7. 
						
  7. Kali linux 2016.2(Rolling)中的Metasploit如何更新与目录结构初步认识
		
    如何更新MSF 1.Windows平台 方法1: 运行msfupdate.bat 在msfconsole里执行命令svn update 或者 方法2:  2.unix/linux平台 方法1: 运行m ...
    
		
    8. 
						
  8. Kali linux 2016.2(Rolling)中的payloads模块详解
		
    不多说,直接上干货! 前期博客 Kali linux 2016.2(Rolling)中的Exploits模块详解 payloads模块,也就是shellcode,就是在漏洞利用成功后所要做的事情.在M ...
    
		
    9. 
						
  9. Kali linux 2016.2(Rolling)里Metasploit连接(包括默认和自定义)的PostgreSQL数据库之后的切换到指定的工作空间
		
    不多说,直接上干货! 为什么要这么做? 答: 方便我们将扫描不同的目标或目标的不同段,进行归类.为了更好的后续工作! 前期博客 Kali linux 2016.2(Rolling)里Metasploi ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. Linux网络编程(3)——多进程、多线程
			
    在我的里面已经介绍了linux以下c的进程.线程接口,这里就不做过多阐述了. 多进程 这里多进程採用传统的多进程模型.每当有client发来的连接时创建一个进程来处理连接,一个子进程相应一个连接. 有 ...
    
			
    2. 
						
  2. 带你认识 MySQL 之 MySQL 体系结构
			
    序 近期一直在忙项目,各种加班加点,项目上线.渐渐的没有了学习的时间.这不,刚这几天才干抽出点时间.忙里偷闲,正在看一本数据库的书籍.相信非常多小伙伴们也都看过 - - <MySQL 技术内幕: ...
    
			
    3. 
						
  3. wikioi 1306 机智Trie树
			
    题目描写叙述 Description 看广播操无聊得非常~你有认为吗?在看广播操一波又一波的人潮涌过再退去.认为非常没意思--于是,偶们的大神犇JHT发明了一个及其好玩的游戏~ 把每一班级的队形看成一 ...
    
			
    4. 
						
  4. android选择图片或拍照图片上传到server(包含上传參数)
			
    在9ria论坛看到的.还没測试,先Mark与大家分享一下. 近期要搞一个项目,须要上传相冊和拍照的图片.不负所望,最终完毕了! 只是须要说明一下,事实上网上非常多教程拍照的图片.都是缩略图不是非常清晰 ...
    
			
    5. 
						
  5. Understanding The Complete Story of Postback in ASP.NET
			
    https://docs.microsoft.com/zh-cn/dotnet/api/system.web.ui.page.ispostback?view=netframework-4.7 http ...
    
			
    6. 
						
  6. express+模板引擎构建项目时遇到的几个小问题
			
    1.启动项目/调试项目 项目启动用:npm start 由于每次更改路由代码后必须重启服务才可以看效果,所以为了达到热加载的效果我们安装 supervisor:全局安装也可以: npm install ...
    
			
    7. 
						
  7. Python的Flask框架入门-Ubuntu
			
    全文请见tuts code:An Introduction to Python's Flask Framework Flask是Python一个小而强大的web框架.学起来简单,用起来也容易,能够帮你 ...
    
			
    8. 
						
  8. 关于RoI pooling 层
			
    ROIs Pooling顾名思义,是pooling层的一种,而且是针对ROIs的pooling: 整个 ROI 的过程,就是将这些 proposal 抠出来的过程,得到大小统一的 feature ma ...
    
			
    9. 
						
  9. c++类模板初探
			
    #include <iostream> #include <string> using namespace std; // 你提交的代码将嵌入到这里 ; template &l ...
    
			
    10. 
						
  10. Mybatis传递多个参数的解决办法(三种)
			
    第一种方案 DAO层的函数方法 Public User selectUser(String name,String area); 对应的Mapper.xml <select id="s ...
    
			
    11.