msf aux scans

Goals

• Protocol enumeration, port scanning, fuzzing, sniffing...

Commands

• show auxiliary
• set THREADS 10
• set RHOSTS 10.0.0.1-254

Common scanners

• use auxiliary/scanner/smb/smb_ms17_010
• use auxiliary/scanner/smb/smb_version
• use auxiliary/scanner/ftp/anonymous
• use auxiliary/scanner/http/webdav_scanner

Brute force

• use auxiliary/scanner/ftp/ftp_login

Host info

• To display host database: hosts
• db_nmap [nmap options] db_nmap 10.x.x.x-254

Search database info

• services -p port_number
• services -p 443 --rhosts (To use current RHOSTS)
• Output to file: RHOSTS => file:/tmp/msf-db-rhosts-20131224-29724-iraymn