使用Metasploit进行端口扫描

Metasploit中不仅能够使用第三方扫描器Nmap等，在其辅助模块中也包含了几款内建的端口扫描器。

查看Metasploit框架提供的端口扫描工具：

msf > search portscan



Matching Modules

================



   Name                                              Disclosure Date  Rank    Description

   ----                                              ---------------  ----    -----------

   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator

   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner

   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner

   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner

   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner

   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner

   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner

　使用Metasploit的SYN端口扫描器对单个主机进行一次简单的扫描：

msf > use scanner/portscan/syn

　　设定RHOST参数为192.168.119.132，线程数为50

RHOSTS => 192.168.119.132

msf  auxiliary(syn) > set THREADS 50

THREADS => 50

msf  auxiliary(syn) > run



[*]  TCP OPEN 192.168.119.132:80

[*]  TCP OPEN 192.168.119.132:135

[*]  TCP OPEN 192.168.119.132:139

[*]  TCP OPEN 192.168.119.132:1433

[*]  TCP OPEN 192.168.119.132:2383

[*]  TCP OPEN 192.168.119.132:3306

[*]  TCP OPEN 192.168.119.132:3389

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed