using those two to get started. The first thing we need to do is locate a module. To find one, we use the search command. You can search for operating systems, applications, module types, or for words in the description. Once you locate a module, you will see it represented as though it were a file in a directory hierarchy. This is because ultimately, that's exactly what it is: all of the modules are stored as Ruby files in the directory hierarchy you will see. To load the module and use it, we use the use command. You can see loading up a module in Example 5-11. This was done after searching for a scanner and selecting one. Once the module is loaded, I showed the options so you can see what needs to be set before running it.
Example 5-11. Options for scanner module

msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(scanner/smb/smb_version) > show options

Module options (auxiliary/scanner/smb/smb_version):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS                      yes       The target address range or CIDR identifier
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads
This module is simple. The only thing that we have to set is the remote hosts variable, called RHOSTS. You can see this is required, but it also has no default value. You would need to provide an IP address, a range of addresses, or a CIDR block. The other required variable is THREADS, which is the number of processing threads that will be allocated to this module. There is a default for this setting (1), though if you want the scan to go faster, you can increase the number of threads to send out more messages at the same time.
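One check worth making from that table before typing run is which required options are still blank. The following Ruby, added here and not part of the book or of Metasploit itself, parses the show options layout by taking column boundaries from the dashed underline, so an empty Current Setting cell does not shift the columns; the sample table is a constructed copy of Example 5-11 and its exact spacing is assumed to match what msfconsole prints.

```ruby
# Constructed sample of `show options` output for an auxiliary module
# (layout assumed to mirror msfconsole; values taken from Example 5-11).
SHOW_OPTIONS = <<~TXT
  Module options (auxiliary/scanner/smb/smb_version):

     Name       Current Setting  Required  Description
     ----       ---------------  --------  -----------
     RHOSTS                      yes       The target address range or CIDR identifier
     SMBDomain  .                no        The Windows domain to use for authentication
     SMBPass                     no        The password for the specified username
     SMBUser                     no        The username to authenticate as
     THREADS    1                yes       The number of concurrent threads
TXT

# Parse the options table into an array of hashes keyed by column name.
# Column start offsets come from the "----" underline, so a blank cell
# (RHOSTS has no Current Setting) is preserved as an empty string.
def parse_options(text)
  lines = text.lines.map(&:rstrip)
  idx = lines.index { |l| l =~ /^\s*-{2,}(\s+-{2,})+\s*$/ }
  raise "no options table found" unless idx
  header, dashes = lines[idx - 1], lines[idx]
  starts = []
  dashes.scan(/-+/) { starts << Regexp.last_match.begin(0) }
  names = starts.each_with_index.map do |s, i|
    header[s...(starts[i + 1] || header.size)].strip
  end
  rows = []
  lines[(idx + 1)..].each do |line|
    break if line.strip.empty? # table ends at the first blank line
    cells = starts.each_with_index.map do |s, i|
      (line[s...(starts[i + 1] || line.size)] || "").strip
    end
    rows << names.zip(cells).to_h
  end
  rows
end

# Names of options marked Required that have no value yet: these are the
# ones that must be given with `set` before the module can be run.
def unset_required(text)
  parse_options(text)
    .select { |o| o["Required"] == "yes" && o["Current Setting"].empty? }
    .map { |o| o["Name"] }
end

puts unset_required(SHOW_OPTIONS).inspect # => ["RHOSTS"]
```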
While you can use just a search string with applications or operating systems, Metasploit also uses keywords to get targeted responses. To narrow your search results, you can use the following keywords: app, author, bid, cve, edb, name, platform, ref, and type. bid is a Bugtraq ID, cve is a Common Vulnerabilities and Exposures number, edb is an Exploit-DB identifier, and type is the type of module (exploit, auxiliary, or post). To use one of these, you follow the keyword with a colon and then the value. You don't have to use entire strings. You could use cve:2017, for instance, to look for CVE values that include 2017, which should be all of the CVEs from the year 2017.