metasploit使用辅助模块
显示所有的辅助模块:
msf > show auxiliary
Auxiliary
=========
Name Disclosure Date Rank Description
---- --------------- ---- -----------
admin/2wire/xslt_password_reset 2007-08-15 normal 2Wire Cross-Site Request Forgery Password Reset Vulnerability
admin/backupexec/dump normal Veritas Backup Exec Windows Remote File Access
admin/backupexec/registry normal Veritas Backup Exec Server Registry Access
admin/cisco/_3000_ftp_bypass 2006-08-23 normal Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
admin/db2/db2rcmd 2004-03-04 normal IBM DB2 db2rcmd.exe Command Execution Vulnerability
admin/edirectory/edirectory_dhost_cookie normal Novell eDirectory DHOST Predictable Session Cookie
admin/emc/alphastor_devicemanager_exec 2008-05-27 normal EMC AlphaStor Device Manager Arbitrary Command Execution
admin/emc/alphastor_librarymanager_exec 2008-05-27 normal EMC AlphaStor Library Manager Arbitrary Command Execution
admin/ftp/titanftp_xcrc_traversal 2010-06-15 normal Titan FTP XCRC Directory Traversal Information Disclosure
admin/http/contentkeeper_fileaccess normal ContentKeeper Web Appliance mimencode File Access
admin/http/hp_web_jetadmin_exec 2004-04-27 normal HP Web JetAdmin 6.5 Server Arbitrary Command Execution
admin/http/iomega_storcenterpro_sessionid normal Iomega StorCenter Pro NAS Web Authentication Bypass
admin/http/tomcat_administration normal Tomcat Administration Tool Default Access
admin/http/tomcat_utf8_traversal normal Tomcat UTF-8 Directory Traversal Vulnerability
admin/http/typo3_sa_2009_002 2009-02-10 normal Typo3 sa-2009-002 File Disclosure
admin/maxdb/maxdb_cons_exec 2008-01-09 normal SAP MaxDB cons.exe Remote Command Injection
admin/motorola/wr850g_cred 2004-09-24 normal Motorola WR850G v4.03 Credentials
admin/ms/ms08_059_his2006 2008-10-14 normal Microsoft Host Integration Server 2006 Command Execution Vulnerability
admin/mssql/mssql_enum normal Microsoft SQL Server Configuration Enumerator
admin/mssql/mssql_exec normal Microsoft SQL Server xp_cmdshell Command Execution
admin/mssql/mssql_idf normal Microsoft SQL Server - Interesting Data Finder
admin/mssql/mssql_sql normal Microsoft SQL Server Generic Query
admin/mysql/mysql_enum normal MySQL Enumeration Module
admin/mysql/mysql_sql normal MySQL SQL Generic Query
admin/officescan/tmlisten_traversal normal TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
admin/oracle/ora_ntlm_stealer 2009-04-07 normal Oracle SMB Relay Code Execution
admin/oracle/oracle_login 2008-11-20 normal Oracle Account Discovery
admin/oracle/oracle_sql 2007-12-07 normal Oracle SQL Generic Query
admin/oracle/oraenum normal Oracle Database Enumeration
admin/oracle/osb_execqr 2009-01-14 normal Oracle Secure Backup exec_qr() Command Injection Vulnerability
admin/oracle/osb_execqr2 2009-08-18 normal Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
admin/oracle/osb_execqr3 2010-07-13 normal Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
admin/oracle/post_exploitation/win32exec 2007-12-07 normal Oracle Java execCommand (Win32)
admin/oracle/post_exploitation/win32upload 2005-02-10 normal Oracle URL Download
admin/oracle/sid_brute 2009-01-07 normal Oracle TNS Listener SID Brute Forcer
admin/oracle/tnscmd 2009-02-01 normal Oracle TNS Listener Command Issuer
admin/pop2/uw_fileretrieval 2000-07-14 normal UoW pop2d Remote File Retrieval Vulnerability
admin/postgres/postgres_readfile normal PostgreSQL Server Generic Query
admin/postgres/postgres_sql normal PostgreSQL Server Generic Query
admin/scada/igss_exec_17 2011-03-21 normal Interactive Graphical SCADA System Remote Command Injection
admin/serverprotect/file normal TrendMicro ServerProtect File Access
admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal
admin/smb/upload_file normal SMB File Upload Utility
admin/sunrpc/solaris_kcms_readfile 2003-01-22 normal Solaris KCMS + TTDB Arbitrary File Read
admin/symantec/ams_hndlrsvc 2010-07-26 excellent Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
admin/symantec/ams_xfr 2009-04-28 excellent Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
admin/tikiwiki/tikidblib 2006-11-01 normal TikiWiki information disclosure
admin/vxworks/apple_airport_extreme_password normal Apple Airport Extreme Password Extraction (WDBRPC)
admin/vxworks/dlink_i2eye_autoanswer normal D-Link i2eye Video Conference AutoAnswer (WDBRPC)
admin/vxworks/wdbrpc_memory_dump normal VxWorks WDB Agent Remote Memory Dump
admin/vxworks/wdbrpc_reboot normal VxWorks WDB Agent Remote Reboot
admin/webmin/file_disclosure 2006-06-30 normal Webmin file disclosure
admin/zend/java_bridge 2011-03-28 normal Zend Server Java Bridge Design Flaw Remote Code Execution
analyze/jtr_crack_fast normal John the Ripper Password Cracker (Fast Mode)
client/smtp/emailer normal Generic Emailer (SMTP)
crawler/msfcrawler normal Metasploit Web Crawler
dos/cisco/ios_http_percentpercent 2000-04-26 normal Cisco IOS HTTP GET /%% request Denial of Service
dos/dhcp/isc_dhcpd_clientid normal ISC DHCP Zero Length ClientID Denial of Service Module
dos/freebsd/nfsd/nfsd_mount normal FreeBSD Remote NFS RPC Request Denial of Service
dos/hp/data_protector_rds 2011-01-08 normal HP Data Protector Manager RDS DOS
dos/http/3com_superstack_switch 2004-06-24 normal 3Com SuperStack Switch Denial of Service
dos/http/apache_mod_isapi 2010-03-05 normal Apache mod_isapi <= 2.2.14 Dangling Pointer
dos/http/apache_tomcat_transfer_encoding 2010-07-09 normal Apache Tomcat Transfer-Encoding Information Disclosure and DoS
dos/http/dell_openmanage_post 2004-02-26 normal Dell OpenManage POST Request Heap Overflow (win32)
dos/http/sonicwall_ssl_format 2009-05-29 normal SonicWALL SSL-VPN Format String Vulnerability
dos/http/webrick_regex 2008-08-08 normal Ruby WEBrick::HTTP::DefaultFileHandler DoS
dos/mdns/avahi_portzero 2008-11-14 normal Avahi < 0.6.24 Source Port 0 DoS
dos/ntp/ntpd_reserved_dos 2009-10-04 normal NTP.org ntpd Reserved Mode Denial of Service
dos/pptp/ms02_063_pptp_dos 2002-09-26 normal MS02-063 PPTP Malformed Control Data Kernel Denial of Service
dos/samba/lsa_addprivs_heap normal Samba lsa_io_privilege_set Heap Overflow
dos/samba/lsa_transnames_heap normal Samba lsa_io_trans_names Heap Overflow
dos/smtp/sendmail_prescan 2003-09-17 normal Sendmail SMTP Address prescan <= 8.12.8 Memory Corruption
dos/solaris/lpd/cascade_delete normal Solaris LPD Arbitrary File Delete
dos/ssl/dtls_changecipherspec 2000-04-26 normal OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
dos/tcp/junos_tcp_opt low Juniper JunOS Malformed TCP Option
dos/tcp/synflood normal TCP SYN Flooder
dos/wifi/apple_orinoco_probe_response normal Apple Airport 802.11 Probe Response Kernel Memory Corruption
dos/wifi/cts_rts_flood normal Wireless CTS/RTS Flooder
dos/wifi/deauth normal Wireless DEAUTH Flooder
dos/wifi/fakeap normal Wireless Fake Access Point Beacon Flood
dos/wifi/file2air normal Wireless Frame (File) Injector
dos/wifi/netgear_ma521_rates normal NetGear MA521 Wireless Driver Long Rates Overflow
dos/wifi/netgear_wg311pci normal NetGear WG311v1 Wireless Driver Long SSID Overflow
dos/wifi/probe_resp_null_ssid normal Multiple Wireless Vendor NULL SSID Probe Response
dos/wifi/ssidlist_beacon normal Wireless Beacon SSID Emulator
dos/wifi/wifun normal Wireless Test Module
dos/windows/appian/appian_bpm 2007-12-17 normal Appian Enterprise Business Suite 5.6 SP1 DoS
dos/windows/browser/ms09_065_eot_integer 2009-11-10 normal Microsoft Windows EOT Font Table Directory Integer Overflow
dos/windows/ftp/filezilla_admin_user 2005-11-07 normal FileZilla FTP Server Admin Interface Denial of Service
dos/windows/ftp/filezilla_server_port 2006-12-11 normal FileZilla FTP Server <=0.9.21 Malformed PORT Denial of Service
dos/windows/ftp/guildftp_cwdlist 2008-10-12 normal Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
dos/windows/ftp/iis75_ftpd_iac_bof 2010-12-21 normal Microsoft IIS FTP Server Encoded Response Overflow Trigger
dos/windows/ftp/solarftp_user 2011-02-22 normal Solar FTP Server <= 2.1.1 Malformed (User) Denial of Service
dos/windows/ftp/titan626_site 2008-10-14 normal Titan FTP Server 6.26.630 SITE WHO DoS
dos/windows/ftp/vicftps50_list 2008-10-24 normal Victory FTP Server 5.0 LIST DoS
dos/windows/ftp/winftp230_nlst 2008-09-26 normal WinFTP 2.3.0 NLST Denial of Service
dos/windows/ftp/xmeasy560_nlst 2008-10-13 normal XM Easy Personal FTP Server 5.6.0 NLST DoS
dos/windows/ftp/xmeasy570_nlst 2009-03-27 normal XM Easy Personal FTP Server 5.7.0 NLST DoS
dos/windows/games/kaillera 2011-07-02 normal Kaillera 0.86 Server Denial of Service
dos/windows/http/ms10_065_ii6_asp_dos 2010-09-14 normal Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
dos/windows/http/pi3web_isapi 2008-11-13 normal Pi3Web <=2.0.13 ISAPI DoS
dos/windows/llmnr/ms11_030_dnsapi 2011-04-12 normal Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
dos/windows/nat/nat_helper 2006-10-26 normal Microsoft Windows NAT Helper Denial of Service
dos/windows/smb/ms05_047_pnp normal Microsoft Plug and Play Service Registry Overflow
dos/windows/smb/ms06_035_mailslot 2006-07-11 normal Microsoft SRV.SYS Mailslot Write Corruption
dos/windows/smb/ms06_063_trans normal Microsoft SRV.SYS Pipe Transaction No Null
dos/windows/smb/ms09_001_write normal Microsoft SRV.SYS WriteAndX Invalid DataOffset
dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
dos/windows/smb/ms09_050_smb2_session_logoff normal Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
dos/windows/smb/ms10_006_negotiate_response_loop normal Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
dos/windows/smb/ms10_054_queryfs_pool_overflow normal Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS
dos/windows/smb/ms11_xxx_electbowser normal Microsoft Windows MRXSMB.SYS _BowserWriteErrorLogEntry Pool Overflow DoS
dos/windows/smb/rras_vls_null_deref 2006-06-14 normal Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
dos/windows/smb/vista_negotiate_stop normal Microsoft Vista SP0 SMB Negotiate Protocol DoS
dos/windows/smtp/ms06_019_exchange 2004-11-12 normal MS06-019 Exchange MODPROP Heap Overflow
dos/windows/tftp/pt360_write 2008-10-29 normal PacketTrap TFTP Server 2.2.5459.0 DoS
dos/windows/tftp/solarwinds 2010-05-21 normal SolarWinds TFTP Server 10.4.0.10 Denial of Service
dos/wireshark/chunked 2007-02-22 normal Wireshark chunked_encoding_dissector function DOS
dos/wireshark/cldap 2011-03-01 normal Wireshark CLDAP Dissector DOS
dos/wireshark/ldap 2008-03-28 normal Wireshark LDAP dissector DOS
fuzzers/ftp/client_ftp normal Simple FTP Client Fuzzer
fuzzers/ftp/ftp_pre_post normal Simple FTP Fuzzer
fuzzers/http/http_form_field normal HTTP Form field fuzzer
fuzzers/http/http_get_uri_long normal HTTP GET Request URI Fuzzer (Incrementing Lengths)
fuzzers/http/http_get_uri_strings normal HTTP GET Request URI Fuzzer (Fuzzer Strings)
fuzzers/smb/smb2_negotiate_corrupt normal SMB Negotiate SMB2 Dialect Corruption
fuzzers/smb/smb_create_pipe normal SMB Create Pipe Request Fuzzer
fuzzers/smb/smb_create_pipe_corrupt normal SMB Create Pipe Request Corruption
fuzzers/smb/smb_negotiate_corrupt normal SMB Negotiate Dialect Corruption
fuzzers/smb/smb_ntlm1_login_corrupt normal SMB NTLMv1 Login Request Corruption
fuzzers/smb/smb_tree_connect normal SMB Tree Connect Request Fuzzer
fuzzers/smb/smb_tree_connect_corrupt normal SMB Tree Connect Request Corruption
fuzzers/smtp/smtp_fuzzer normal SMTP Simple Fuzzer
fuzzers/ssh/ssh_kexinit_corrupt normal SSH Key Exchange Init Corruption
fuzzers/ssh/ssh_version_15 normal SSH 1.5 Version Fuzzer
fuzzers/ssh/ssh_version_2 normal SSH 2.0 Version Fuzzer
fuzzers/ssh/ssh_version_corrupt normal SSH Version Corruption
fuzzers/tds/tds_login_corrupt normal TDS Protocol Login Request Corruption Fuzzer
fuzzers/tds/tds_login_username normal TDS Protocol Login Request Username Fuzzer
fuzzers/wifi/fuzz_beacon normal Wireless Beacon Frame Fuzzer
fuzzers/wifi/fuzz_proberesp normal Wireless Probe Response Frame Fuzzer
gather/android_htmlfileprovider normal Android Content Provider File Disclosure
gather/citrix_published_applications normal Citrix MetaFrame ICA Published Applications Scanner
gather/citrix_published_bruteforce normal Citrix MetaFrame ICA Published Applications Bruteforcer
gather/dns_enum normal DNS Enumeration Module
gather/search_email_collector normal Search Engine Domain Email Address Collector
pdf/foxit/authbypass 2009-03-09 normal Foxit Reader Authorization Bypass
scanner/backdoor/energizer_duo_detect normal Energizer DUO Trojan Scanner
scanner/db2/db2_auth normal DB2 Authentication Brute Force Utility
scanner/db2/db2_version normal DB2 Probe Utility
scanner/db2/discovery normal DB2 Discovery Service Detection
scanner/dcerpc/endpoint_mapper normal Endpoint Mapper Service Discovery
scanner/dcerpc/hidden normal Hidden DCERPC Service Discovery
scanner/dcerpc/management normal Remote Management Interface Discovery
scanner/dcerpc/tcp_dcerpc_auditor normal DCERPC TCP Service Auditor
scanner/dect/call_scanner normal DECT Call Scanner
scanner/dect/station_scanner normal DECT Base Station Scanner
scanner/discovery/arp_sweep normal ARP Sweep Local Network Discovery
scanner/discovery/ipv6_multicast_ping normal IPv6 Link Local/Node Local Ping Discovery
scanner/discovery/ipv6_neighbor normal IPv6 Local Neighbor Discovery
scanner/discovery/ipv6_neighbor_router_advertisement normal IPv6 Local Neighbor Discovery Using Router Advertisment
scanner/discovery/udp_probe normal UDP Service Prober
scanner/discovery/udp_sweep normal UDP Service Sweeper
scanner/emc/alphastor_devicemanager normal EMC AlphaStor Device Manager Service
scanner/emc/alphastor_librarymanager normal EMC AlphaStor Library Manager Service
scanner/finger/finger_users normal Finger Service User Enumerator
scanner/ftp/anonymous normal Anonymous FTP Access Detection
scanner/ftp/ftp_login normal FTP Authentication Scanner
scanner/ftp/ftp_version normal FTP Version Scanner
scanner/http/adobe_xml_inject normal Adobe XML External Entity Injection
scanner/http/axis_local_file_include normal Apache Axis2 v1.4.1 Local File Inclusion
scanner/http/axis_login normal Apache Axis2 v1.4.1 Brute Force Utility
scanner/http/backup_file normal HTTP Backup File Scanner
scanner/http/barracuda_directory_traversal 2010-10-08 normal Barracuda Multiple Product "locale" Directory Traversal
scanner/http/blind_sql_query normal HTTP Blind SQL Injection GET QUERY Scanner
scanner/http/brute_dirs normal HTTP Directory Brute Force Scanner
scanner/http/cert normal HTTP SSL Certificate Checker
scanner/http/cisco_device_manager 2000-10-26 normal Cisco Device HTTP Device Manager Access
scanner/http/cisco_ios_auth_bypass 2001-06-27 normal Cisco IOS HTTP Unauthorized Administrative Access
scanner/http/coldfusion_locale_traversal normal ColdFusion Server Check
scanner/http/copy_of_file normal HTTP Copy File Scanner
scanner/http/crawler normal Web Site Crawler
scanner/http/dir_listing normal HTTP Directory Listing Scanner
scanner/http/dir_scanner normal HTTP Directory Scanner
scanner/http/dir_webdav_unicode_bypass normal MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
scanner/http/enum_delicious normal Pull Del.icio.us Links (URLs) for a domain
scanner/http/enum_wayback normal Pull Archive.org stored URLs for a domain
scanner/http/error_sql_injection normal HTTP Error Based SQL Injection Scanner
scanner/http/file_same_name_dir normal HTTP File Same Name Directory Scanner
scanner/http/files_dir normal HTTP Interesting File Scanner
scanner/http/frontpage_login normal FrontPage Server Extensions Login Utility
scanner/http/http_login normal HTTP Login Utility
scanner/http/http_version normal HTTP Version Detection
scanner/http/httpbl_lookup normal Http:BL lookup
scanner/http/jboss_vulnscan normal JBoss Vulnerability Scanner
scanner/http/litespeed_source_disclosure normal LiteSpeed Source Code Disclosure/Download
scanner/http/lucky_punch normal HTTP Microsoft SQL Injection Table XSS Infection
scanner/http/majordomo2_directory_traversal 2011-03-08 normal Majordomo2 _list_file_get() Directory Traversal
scanner/http/mod_negotiation_brute normal Apache HTTPD mod_negotiation Filename Bruter
scanner/http/mod_negotiation_scanner normal Apache HTTPD mod_negotiation scanner
scanner/http/ms09_020_webdav_unicode_bypass normal MS09-020 IIS6 WebDAV Unicode Auth Bypass
scanner/http/nginx_source_disclosure normal Nginx Source Code Disclosure/Download
scanner/http/open_proxy normal HTTP Open Proxy Detection
scanner/http/options normal HTTP Options Detection
scanner/http/prev_dir_same_name_file normal HTTP Previous Directory File Scanner
scanner/http/replace_ext normal HTTP File Extension Scanner
scanner/http/robots_txt normal HTTP Robots.txt Content Scanner
scanner/http/sap_businessobjects_user_brute normal SAP BusinessObjects User Bruteforcer
scanner/http/sap_businessobjects_user_brute_web normal SAP BusinessObjects Web User Bruteforcer
scanner/http/sap_businessobjects_user_enum normal SAP BusinessObjects User Enumeration
scanner/http/sap_businessobjects_version_enum normal SAP BusinessObjects Version Detection
scanner/http/soap_xml normal HTTP SOAP Verb/Noun Brute Force Scanner
scanner/http/sqlmap normal SQLMAP SQL Injection External Module
scanner/http/ssl normal HTTP SSL Certificate Information
scanner/http/svn_scanner normal HTTP Subversion Scanner
scanner/http/tomcat_enum normal Apache Tomcat User Enumeration
scanner/http/tomcat_mgr_login normal Tomcat Application Manager Login Utility
scanner/http/trace_axd normal HTTP trace.axd Content Scanner
scanner/http/verb_auth_bypass normal HTTP Verb Authentication Bypass Scanner
scanner/http/vhost_scanner normal HTTP Virtual Host Brute Force Scanner
scanner/http/vmware_server_dir_trav normal VMware Server Directory Transversal Vulnerability
scanner/http/web_vulndb normal HTTP Vuln scanner
scanner/http/webdav_internal_ip normal HTTP WebDAV Internal IP Scanner
scanner/http/webdav_scanner normal HTTP WebDAV Scanner
scanner/http/webdav_website_content normal HTTP WebDAV Website Content Scanner
scanner/http/wordpress_login_enum normal Wordpress Brute Force and User Enumeration Utility
scanner/http/writable normal HTTP Writable Path PUT/DELETE File Access
scanner/http/xpath normal HTTP Blind XPATH 1.0 Injector
scanner/imap/imap_version normal IMAP4 Banner Grabber
scanner/ip/ipidseq normal IPID Sequence Scanner
scanner/lotus/lotus_domino_hashes normal Lotus Domino Password Hash Collector
scanner/lotus/lotus_domino_login normal Lotus Domino Brute Force Utility
scanner/lotus/lotus_domino_version normal Lotus Domino Version
scanner/misc/ib_service_mgr_info normal Borland InterBase Services Manager Information
scanner/misc/rosewill_rxs3211_passwords normal Rosewill RXS-3211 IP Camera Password Retriever
scanner/misc/sunrpc_portmapper normal SunRPC Portmap Program Enumerator
scanner/motorola/timbuktu_udp 2009-09-25 normal Motorola Timbuktu Service Detection
scanner/mssql/mssql_hashdump normal MSSQL Password Hashdump
scanner/mssql/mssql_login normal MSSQL Login Utility
scanner/mssql/mssql_ping normal MSSQL Ping Utility
scanner/mysql/mysql_login normal MySQL Login Utility
scanner/mysql/mysql_version normal MySQL Server Version Enumeration
scanner/netbios/nbname normal NetBIOS Information Discovery
scanner/netbios/nbname_probe normal NetBIOS Information Discovery Prober
scanner/nfs/nfsmount normal NFS Mount Scanner
scanner/ntp/ntp_monlist normal NTP Monitor List Scanner
scanner/oracle/emc_sid normal Oracle Enterprise Manager Control SID Discovery
scanner/oracle/isqlplus_login normal Oracle iSQL*Plus Login Utility
scanner/oracle/isqlplus_sidbrute normal Oracle isqlplus SID Check
scanner/oracle/oracle_login normal Oracle RDBMS Login Utility
scanner/oracle/sid_brute normal Oracle TNS Listener SID Bruteforce
scanner/oracle/sid_enum 2009-01-07 normal Oracle TNS Listener SID Enumeration
scanner/oracle/spy_sid normal Oracle Application Server Spy Servlet SID Enumeration
scanner/oracle/tnslsnr_version 2009-01-07 normal Oracle TNS Listener Service Version Query
scanner/oracle/xdb_sid normal Oracle XML DB SID Discovery
scanner/oracle/xdb_sid_brute normal Oracle XML DB SID Discovery via Brute Force
scanner/pop3/pop3_version normal POP3 Banner Grabber
scanner/portscan/ack normal TCP ACK Firewall Scanner
scanner/portscan/ftpbounce normal FTP Bounce Port Scanner
scanner/portscan/syn normal TCP SYN Port Scanner
scanner/portscan/tcp normal TCP Port Scanner
scanner/portscan/xmas normal TCP "XMas" Port Scanner
scanner/postgres/postgres_login normal PostgreSQL Login Utility
scanner/postgres/postgres_version normal PostgreSQL Version Probe
scanner/rogue/rogue_recv normal Rogue Gateway Detection: Receiver
scanner/rogue/rogue_send normal Rogue Gateway Detection: Sender
scanner/rservices/rexec_login normal rexec Authentication Scanner
scanner/rservices/rlogin_login normal rlogin Authentication Scanner
scanner/rservices/rsh_login normal rsh Authentication Scanner
scanner/sap/sap_mgmt_con_abaplog normal SAP Management Console ABAP syslog
scanner/sap/sap_mgmt_con_brute_login normal SAP Management Console Brute Force
scanner/sap/sap_mgmt_con_extractusers normal SAP Management Console Extract Users
scanner/sap/sap_mgmt_con_getenv normal SAP Management Console getEnvironment
scanner/sap/sap_mgmt_con_getlogfiles normal SAP Management Console Get Logfile
scanner/sap/sap_mgmt_con_instanceproperties normal SAP Management Console Instance Properties
scanner/sap/sap_mgmt_con_listlogfiles normal SAP Management Console List Logfiles
scanner/sap/sap_mgmt_con_startprofile normal SAP Management Console getStartProfile
scanner/sap/sap_mgmt_con_version normal SAP Management Console Version Detection
scanner/sap/sap_service_discovery normal SAP Service Discovery
scanner/sip/enumerator normal SIP Username Enumerator (UDP)
scanner/sip/enumerator_tcp normal SIP Username Enumerator (TCP)
scanner/sip/options normal SIP Endpoint Scanner (UDP)
scanner/sip/options_tcp normal SIP Endpoint Scanner (TCP)
scanner/sip/sipdroid_ext_enum normal SIPDroid Extension Grabber
scanner/smb/pipe_auditor normal SMB Session Pipe Auditor
scanner/smb/pipe_dcerpc_auditor normal SMB Session Pipe DCERPC Auditor
scanner/smb/smb2 normal SMB 2.0 Protocol Detection
scanner/smb/smb_enumshares normal SMB Share Enumeration
scanner/smb/smb_enumusers normal SMB User Enumeration (SAM EnumUsers)
scanner/smb/smb_enumusers_domain normal SMB Domain User Enumeration
scanner/smb/smb_login normal SMB Login Check Scanner
scanner/smb/smb_lookupsid normal SMB Local User Enumeration (LookupSid)
scanner/smb/smb_version normal SMB Version Detection
scanner/smtp/smtp_enum normal SMTP User Enumeration Utility
scanner/smtp/smtp_version normal SMTP Banner Grabber
scanner/snmp/aix_version normal AIX SNMP Scanner Auxiliary Module
scanner/snmp/cisco_config_tftp normal Cisco IOS SNMP Configuration Grabber (TFTP)
scanner/snmp/cisco_upload_file normal Cisco IOS SNMP File Upload (TFTP)
scanner/snmp/snmp_enum normal SNMP Enumeration Module
scanner/snmp/snmp_enumshares normal SNMP Windows SMB Share Enumeration
scanner/snmp/snmp_enumusers normal SNMP Windows Username Enumeration
scanner/snmp/snmp_login normal SNMP Community Scanner
scanner/snmp/snmp_set normal SNMP Set Module
scanner/snmp/xerox_workcentre_enumusers normal Xerox WorkCentre User Enumeration (SNMP)
scanner/ssh/ssh_login normal SSH Login Check Scanner
scanner/ssh/ssh_login_pubkey normal SSH Public Key Login Scanner
scanner/ssh/ssh_version normal SSH Version Scanner
scanner/telephony/wardial normal Wardialer
scanner/telnet/telnet_login normal Telnet Login Check Scanner
scanner/telnet/telnet_version normal Telnet Service Banner Detection
scanner/tftp/tftpbrute normal TFTP Brute Forcer
scanner/upnp/ssdp_msearch normal SSDP M-SEARCH Gateway Information Discovery
scanner/vnc/vnc_login normal VNC Authentication Scanner
scanner/vnc/vnc_none_auth normal VNC Authentication None Detection
scanner/vxworks/wdbrpc_bootline normal VxWorks WDB Agent Boot Parameter Scanner
scanner/vxworks/wdbrpc_version normal VxWorks WDB Agent Version Scanner
scanner/x11/open_x11 normal X11 No-Auth Scanner
server/browser_autopwn normal HTTP Client Automatic Exploiter
server/capture/ftp normal Authentication Capture: FTP
server/capture/http normal Authentication Capture: HTTP
server/capture/http_ntlm normal HTTP Client MS Credential Catcher
server/capture/imap normal Authentication Capture: IMAP
server/capture/pop3 normal Authentication Capture: POP3
server/capture/smb normal Authentication Capture: SMB
server/capture/smtp normal Authentication Capture: SMTP
server/capture/telnet normal Authentication Capture: Telnet
server/dhcp normal DHCP Server
server/dns/spoofhelper normal DNS Spoofing Helper Service
server/fakedns normal Fake DNS Service
server/file_autopwn normal File Format Exploit Generator
server/ftp normal FTP File Server
server/pxexploit normal PXE exploit server
server/socks4a normal Socks4a Proxy Server
server/socks_unc normal SOCKS Proxy UNC Path Redirection
server/tftp normal TFTP File Server
sniffer/psnuffle normal pSnuffle Packet Sniffer
spoof/arp/arp_poisoning 1999-12-22 normal ARP Spoof
spoof/dns/bailiwicked_domain 2008-07-21 normal DNS BailiWicked Domain Attack
spoof/dns/bailiwicked_host 2008-07-21 normal DNS BailiWicked Host Attack
spoof/dns/compare_results 2008-07-21 normal DNS Lookup Result Comparison
spoof/nbns/nbns_response normal NetBIOS Name Service Spoofer
spoof/replay/pcap_replay normal Pcap replay utility
spoof/wifi/airpwn normal Airpwn TCP hijack
spoof/wifi/dnspwn normal DNSpwn DNS hijack
sqli/oracle/dbms_cdc_ipublish 2008-10-22 normal Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
sqli/oracle/dbms_cdc_publish 2008-10-22 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
sqli/oracle/dbms_cdc_publish2 2010-04-26 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
sqli/oracle/dbms_cdc_publish3 2010-10-13 normal Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
sqli/oracle/dbms_export_extension 2006-04-26 normal Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION
sqli/oracle/dbms_metadata_get_granted_xml 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_GRANTED_XML
sqli/oracle/dbms_metadata_get_xml 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.GET_XML
sqli/oracle/dbms_metadata_open 2008-01-05 normal Oracle DB SQL Injection via SYS.DBMS_METADATA.OPEN
sqli/oracle/droptable_trigger 2009-01-13 normal Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
sqli/oracle/jvm_os_code_10g 2010-02-01 normal Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
sqli/oracle/jvm_os_code_11g 2010-02-01 normal Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
sqli/oracle/lt_compressworkspace 2008-10-13 normal Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE
sqli/oracle/lt_findricset_cursor 2007-10-17 normal Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
sqli/oracle/lt_mergeworkspace 2008-10-22 normal Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
sqli/oracle/lt_removeworkspace 2008-10-13 normal Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE
sqli/oracle/lt_rollbackworkspace 2009-05-04 normal Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE
voip/sip_invite_spoof normal SIP Invite Spoof
msf >使用webdav:
msf > use scanner/http/webdav_scanner
msf auxiliary(webdav_scanner) > info
Name: HTTP WebDAV Scanner
Module: auxiliary/scanner/http/webdav_scanner
Version: 11707
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
et
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
Description:
Detect webservers with WebDAV enabled
msf auxiliary(webdav_scanner) > set RHOSTS 192.168.1.123
RHOSTS => 192.168.1.123
msf auxiliary(webdav_scanner) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed 因为2003上面没有安装IIS,所有就没有。
我在2003上面安装IIS6之后,允许webdav,就出现下面的结果:
msf auxiliary(webdav_scanner) > run
[*] 192.168.1.123 (Microsoft-IIS/6.0) has WEBDAV ENABLED
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed然后禁止webdav,就出现下面的结果:
msf auxiliary(webdav_scanner) > run
[*] 192.168.1.123 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed