Scanning for Targets
We took a look at using modules in the preceding chapter. While we certainly can use tools like nmap to get details about systems and services available on our target network, we can also use other modules that are in Metasploit. While a program like nmap has a lot of functionality and the scripts will provide a lot of details about our targets, many scanners are built into Metasploit. An advantage to using those is that we’re going to be in Metasploit in order to run exploits, so perhaps it’s just as easy to start in Metasploit to begin with. All the results found will be stored in the database, since they are being run from inside Metasploit.
Port Scanning
For our purposes, we’re going to forego using nmap and concentrate on what’s in Metasploit, so we’re going to use the auxiliary port scan modules. You’ll find that Metasploit has a good collection of port scanners covering a range of needs. You can see the list in Example 6-1.
Example 6-1. Port scanners in Metasploit
msf > search portscan

Matching Modules
================

   Name                                             Disclosure Date  Rank    Description
   ----                                             ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_pingback_access                  normal  Wordpress Pingback Locator
   auxiliary/scanner/natpmp/natpmp_portscan                          normal  NAT-PMP External Port Scanner
   auxiliary/scanner/portscan/ack                                    normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce                              normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn                                    normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp                                    normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas                                   normal  TCP "XMas" Port Scanner
   auxiliary/scanner/sap/sap_router_portscanner                      normal  SAPRouter Port Scanner