Tcp syn port scanning with metasploit

This article describes in detail how to use Metasploit for TCP SYN scanning, including the installation requirements, configuration options and execution steps. By setting the target host, the ports to scan, the thread count and the timeout parameter, open ports can be discovered quickly.

http://www.binarytides.com/tcp-syn-port-scanning-with-metasploit/


Metasploit can be used for TCP SYN port scanning via the module auxiliary/scanner/portscan/syn. For TCP SYN scanning, Metasploit must be run as root, since SYN scanning requires a raw socket, which in turn requires root privileges on a Linux system. For example, on Ubuntu it should be started with "sudo msfconsole".

msf > use auxiliary/scanner/portscan/syn 
msf  auxiliary(syn) > show options

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   INTERFACE                   no        The name of the interface
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf  auxiliary(syn) > 
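To make the option semantics concrete, here is an added example (not Metasploit code) that mirrors what the table above describes: the PORTS syntax "22-25,80,110-900", a RHOSTS value given as a single address or CIDR block, and hosts processed in sets of BATCHSIZE. The helper names and the sample ranges are assumptions made for this example; how the real module treats network and broadcast addresses is not stated on the page, so every address in a block is simply included.

```python
import ipaddress
from typing import Iterator

# Hypothetical helpers (added example, not Metasploit's own code) mirroring
# the semantics of the module's PORTS, RHOSTS and BATCHSIZE options.


def parse_ports(spec: str) -> list[int]:
    """Expand a comma-separated list of ports and a-b ranges into a sorted,
    de-duplicated list. Raises ValueError on anything outside 1-65535,
    a reversed range, or an empty spec."""
    ports: set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)
        else:
            lo = hi = int(item)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port spec: {item!r}")
        ports.update(range(lo, hi + 1))
    if not ports:
        raise ValueError("empty port spec")
    return sorted(ports)


def expand_hosts(rhosts: str) -> list[str]:
    """Turn a space-separated RHOSTS value (single addresses or CIDR blocks)
    into individual addresses. Every address in a block is included; the
    page does not say how the module treats network/broadcast addresses."""
    hosts: list[str] = []
    for token in rhosts.split():
        net = ipaddress.ip_network(token, strict=False)
        hosts.extend(str(a) for a in net)
    return hosts


def batches(hosts: list[str], batchsize: int) -> Iterator[list[str]]:
    """Yield hosts in sets of at most batchsize (the BATCHSIZE option)."""
    if batchsize < 1:
        raise ValueError("BATCHSIZE must be >= 1")
    for i in range(0, len(hosts), batchsize):
        yield hosts[i:i + batchsize]


def probe_count(rhosts: str, ports: str) -> int:
    """Number of SYN probes a configuration implies: hosts x ports.
    Useful for estimating how noisy a scan will look on the wire."""
    return len(expand_hosts(rhosts)) * len(parse_ports(ports))


if __name__ == "__main__":
    print(parse_ports("22-25,80,110-900")[:6])   # [22, 23, 24, 25, 80, 110]
    print(probe_count("192.168.1.1", "1-1000"))  # 1000, as in the run below
    for b in batches(expand_hosts("10.0.0.0/23"), 256):
        print(len(b))  # 512 hosts -> two batches of 256
```

The probe count is the number a defender should expect to see as half-open SYNs from the scanning host; with THREADS raised and TIMEOUT lowered, as in the run on this page, they arrive in a short burst.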

The options include specifying multiple remote hosts, the port numbers and the number of threads. Let's take a quick example:

msf  auxiliary(syn) > show options

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   INTERFACE                   no        The name of the interface
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf  auxiliary(syn) > set RHOSTS 192.168.1.1
RHOSTS => 192.168.1.1
msf  auxiliary(syn) > set PORTS 1-1000
PORTS => 1-1000
msf  auxiliary(syn) > set THREADS 100
THREADS => 100
msf  auxiliary(syn) > set TIMEOUT 250
TIMEOUT => 250
msf  auxiliary(syn) > run

[*]  TCP OPEN 192.168.1.1:21
[*]  TCP OPEN 192.168.1.1:23
[*]  TCP OPEN 192.168.1.1:80 

So the output shows 3 ports open (21 - ftp, 23 - telnet, 80 - http). The equivalent nmap command for this scan would be

$ nmap -sS -T4 192.168.1.1 -p1-1000 
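The "TCP OPEN" lines above and nmap's -sS mode rest on the same half-open logic: a SYN is sent, a SYN/ACK reply means open, an RST means closed, no reply means filtered, and the handshake is never completed. The following added example (not Metasploit or nmap code) shows both sides of that: how the replies in a packet trace are interpreted into the open/closed/filtered verdicts, and how a defender can spot the scan from the same trace by looking for sources that SYN many ports without ever sending the third-handshake ACK. The packet record format, addresses, ports and timestamps are all constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Added example (not Metasploit or nmap code). The record layout and every
# address, port and timestamp below are assumptions made for the example.


@dataclass(frozen=True)
class Pkt:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters, e.g. "S", "SA", "R", "RA", "A"


SCANNER, TARGET, CLIENT = "10.0.0.5", "192.168.1.1", "10.0.0.9"


def _build_trace() -> list[Pkt]:
    """Constructed trace: the scanner SYNs nine ports on the target. The
    target answers SYN/ACK on 21, 23 and 80 (open), RST/ACK on the others
    (closed), and port 8080 drops the probe (filtered). A half-open scanner
    tears open ports down with RST and never sends a bare ACK. A normal
    client then completes a full handshake to port 80."""
    pkts: list[Pkt] = []
    t = 0.0
    open_ports = {21, 23, 80}
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 443, 3389, 8080]):
        sp = 40000 + i
        pkts.append(Pkt(t, SCANNER, sp, TARGET, port, "S")); t += 0.001
        if port in open_ports:
            pkts.append(Pkt(t, TARGET, port, SCANNER, sp, "SA")); t += 0.001
            pkts.append(Pkt(t, SCANNER, sp, TARGET, port, "R")); t += 0.001
        elif port != 8080:
            pkts.append(Pkt(t, TARGET, port, SCANNER, sp, "RA")); t += 0.001
    pkts += [Pkt(5.0, CLIENT, 51000, TARGET, 80, "S"),
             Pkt(5.001, TARGET, 80, CLIENT, 51000, "SA"),
             Pkt(5.002, CLIENT, 51000, TARGET, 80, "A")]
    return pkts


TRACE = _build_trace()


def probe_results(pkts: list[Pkt], scanner: str, target: str) -> dict[int, str]:
    """Scanner view: per probed port, SYN/ACK -> open, RST -> closed,
    no reply within the trace -> filtered."""
    result: dict[int, str] = {}
    for p in pkts:
        if p.src == scanner and p.dst == target and p.flags == "S":
            result.setdefault(p.dport, "filtered")
        elif p.src == target and p.dst == scanner and p.sport in result:
            if "S" in p.flags and "A" in p.flags:
                result[p.sport] = "open"
            elif "R" in p.flags:
                result[p.sport] = "closed"
    return result


def half_open_sources(pkts: list[Pkt], threshold: int = 5) -> dict[str, set[int]]:
    """Defender view: per source, destination ports it SYN'd without ever
    completing the handshake (no bare ACK on that 4-tuple). Sources with
    at least `threshold` such ports are reported with the port set."""
    syn_sent: dict[str, set[tuple]] = defaultdict(set)
    completed: set[tuple] = set()
    for p in pkts:
        key = (p.src, p.dst, p.sport, p.dport)
        if p.flags == "S":
            syn_sent[p.src].add(key)
        elif p.flags == "A":
            completed.add(key)
    suspects: dict[str, set[int]] = {}
    for src, keys in syn_sent.items():
        ports = {k[3] for k in keys if k not in completed}
        if len(ports) >= threshold:
            suspects[src] = ports
    return suspects


if __name__ == "__main__":
    for port, state in sorted(probe_results(TRACE, SCANNER, TARGET).items()):
        if state == "open":
            print(f"[*]  TCP OPEN {TARGET}:{port}")   # same shape as the module output
    print(half_open_sources(TRACE))                    # flags 10.0.0.5 only
```

The benign client is not reported because its single SYN is followed by an ACK on the same 4-tuple; the scanner is reported because none of its SYNs ever are, which is exactly the property that makes SYN scanning faster than a full connect but also makes it stand out in flow data.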

The source code of the Metasploit scanner can be viewed here. As can be seen, it's not very big in size and uses the pcap library.

References

http://www.metasploit.com/modules/auxiliary/scanner/portscan/syn

Reposted from: https://my.oschina.net/yisenn/blog/85333
