Although there are many ways to run a port scan from GNU/Linux, the most common being nmap, Metasploit can also scan one or several hosts quickly and efficiently. To do so, simply use the "portscan/tcp" module.
msf> search portscan

Matching Modules
================

   Name                                      Rank    Description
   ----                                      ----    -----------
   auxiliary/scanner/natpmp/natpmp_portscan  normal  NAT-PMP Port Scanner
   auxiliary/scanner/portscan/ack            normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce      normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn            normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp            normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas           normal  TCP "XMas" Port Scanner

msf> use auxiliary/scanner/portscan/tcp
Once the auxiliary module is loaded, all that remains is to configure it:
msf auxiliary(tcp)> set INTERFACE eth2
INTERFACE => eth2
msf auxiliary(tcp)> set RHOSTS 192.168.1.7 192.168.1.210
RHOSTS => 192.168.1.7 192.168.1.210
msf auxiliary(tcp)> set THREADS 4
THREADS => 4
msf auxiliary(tcp)> show options

Module options (auxiliary/scanner/portscan/tcp):

   Name         Setting                    Description
   ----         -------                    -----------
   CONCURRENCY  10                         Number of concurrent ports to check per host
   FILTER                                  The filter string for capturing traffic
   INTERFACE    eth2                       The name of the interface
   PCAPFILE                                The name of the PCAP capture file to process
   PORTS        1-10000                    Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS       192.168.1.7 192.168.1.210  The target address range or CIDR identifier
   SNAPLEN      65535                      The number of bytes to capture
   THREADS      4                          The number of concurrent threads
   TIMEOUT      1000                       The socket connect timeout in milliseconds
and finally run it:
msf auxiliary(tcp)> run

[*] 192.168.1.210:22 - TCP OPEN
[*] 192.168.1.210:25 - TCP OPEN
[*] 192.168.1.7:22 - TCP OPEN
[*] 192.168.1.7:25 - TCP OPEN
[*] 192.168.1.210:80 - TCP OPEN
[*] 192.168.1.7:80 - TCP OPEN
[*] 192.168.1.7:443 - TCP OPEN
[*] 192.168.1.210:873 - TCP OPEN
[*] 192.168.1.7:873 - TCP OPEN
[*] 192.168.1.210:2583 - TCP OPEN
[*] 192.168.1.7:3306 - TCP OPEN
[*] 192.168.1.210:8009 - TCP OPEN
[*] 192.168.1.210:9102 - TCP OPEN
[*] 192.168.1.7:9102 - TCP OPEN
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
One of the advantages of this module is that you can set the number of concurrent threads (THREADS) it uses, which noticeably speeds up a scan of a large network, for example.
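As an added example (not part of the original post), the following Python snippet parses the "[*] host:port - TCP OPEN" lines that portscan/tcp prints and flags, per host, any open port that is not on a baseline of expected services; a defender can run it over a saved msfconsole session to spot services that should not be exposed. The baseline and the embedded sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format printed by auxiliary/scanner/portscan/tcp
SAMPLE_OUTPUT = """\
[*] 192.168.1.7:22 - TCP OPEN
[*] 192.168.1.7:25 - TCP OPEN
[*] 192.168.1.7:80 - TCP OPEN
[*] 192.168.1.7:443 - TCP OPEN
[*] 192.168.1.7:3306 - TCP OPEN
[*] 192.168.1.210:22 - TCP OPEN
[*] 192.168.1.210:80 - TCP OPEN
[*] 192.168.1.210:873 - TCP OPEN
[*] 192.168.1.210:2583 - TCP OPEN
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
"""

# Assumed baseline: the TCP ports each host is expected to expose.
EXPECTED = {
    "192.168.1.7": {22, 80, 443},
    "192.168.1.210": {22, 80},
}

# Matches only the per-port result lines, not the progress/summary lines.
OPEN_RE = re.compile(r"^\[\*\] (\d{1,3}(?:\.\d{1,3}){3}):(\d+) - TCP OPEN$")

def parse_open_ports(text):
    """Return {host: sorted list of open ports} from the module's output."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = OPEN_RE.match(line.strip())
        if m:
            found[m.group(1)].add(int(m.group(2)))
    return {host: sorted(ports) for host, ports in found.items()}

def unexpected_ports(scan, baseline):
    """Open ports per host that the baseline does not list (a host absent from the baseline reports all its ports)."""
    report = {}
    for host, ports in scan.items():
        extra = sorted(set(ports) - baseline.get(host, set()))
        if extra:
            report[host] = extra
    return report

if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_OUTPUT)
    for host, extra in unexpected_ports(scan, EXPECTED).items():
        print(f"{host}: unexpected open ports {extra}")
```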