Season 1--------------------
Start Metasploit: msfconsole
Upgrade and update: ./msfupdate
Exit directly: exit  Return to the previous level: quit
1. Port scanning:
a. Scan with Nmap
nmap -v -sV ip
b. Scan with an msf module (1)
use auxiliary/scanner/portscan/syn
show options
set INTERFACE <network interface>
set PORTS <ports>
set RHOSTS IP/24 (24 is the network mask: an IPv4 address is 32 bits long, so 32-24=8, which makes the mask size 2 to the power of 8, i.e. 256 IPs available)
set THREADS 100
run
2. SMB scanning: gather system information
msfconsole
use auxiliary/scanner/smb/smb_version
show options
set RHOSTS IP
(For example, if the IP is 192.168.1.1, to scan multiple IPs you can set RHOSTS 192.168.1.1-200)
set THREADS 10
run
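The two RHOSTS forms used above (IP/24 and 192.168.1.1-200) cover very different numbers of addresses. The following is an added example, not part of the original notes: it expands a RHOSTS value and checks that every address stays inside the range an engagement is authorized for. The function names and the sample scope are assumptions made for illustration.

```python
import ipaddress

def expand_rhosts(spec):
    """Return (first, last, count) for a RHOSTS value in one of the two forms
    used in these notes: CIDR ("192.168.1.0/24") or a last-octet range
    ("192.168.1.1-200"). A single address is also accepted."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False accepts a host address with a prefix, e.g. 192.168.1.7/24
        net = ipaddress.ip_network(spec, strict=False)
        return net[0], net[-1], net.num_addresses
    if "-" in spec:
        start_text, end_octet = spec.rsplit("-", 1)
        first = ipaddress.IPv4Address(start_text)
        start = int(first) & 0xFF          # last octet of the start address
        end = int(end_octet)
        if not start <= end <= 255:
            raise ValueError(f"bad last-octet range: {spec}")
        return first, first + (end - start), end - start + 1
    addr = ipaddress.ip_address(spec)
    return addr, addr, 1

def check_scope(spec, authorized_cidr):
    """Report how many addresses a RHOSTS value covers and whether all of
    them fall inside the authorized network (hypothetical scope value)."""
    first, last, count = expand_rhosts(spec)
    scope = ipaddress.ip_network(authorized_cidr)
    # Both the RHOSTS span and a CIDR block are contiguous, so checking the
    # two endpoints is enough to cover every address in between.
    in_scope = first in scope and last in scope
    return {"first": str(first), "last": str(last),
            "count": count, "in_scope": in_scope}

if __name__ == "__main__":
    # Constructed sample values, not taken from a real engagement.
    for rhosts in ("192.168.1.0/24", "192.168.1.1-200", "10.0.0.5/16"):
        print(rhosts, check_scope(rhosts, "192.168.1.0/24"))
```
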
3. Service identification (SSH)
msfconsole
use auxiliary/scanner/ssh/ssh_version
show options
set RHOSTS IP
run
Service identification (FTP)
use auxiliary/scanner/ftp/ftp_version
show options
set FTPUSER
set RHOSTS IP
run
4. Password sniffing
msfconsole
use auxiliary/sniffer/psnuffle
show options
run
5. SNMP scanning and enumeration
msfconsole
search snmp
use auxiliary/scanner/snmp/snmp_login
show options
set RHOSTS IP
set THREADS 10
run
use auxiliary/scanner/snmp/snmp_enum
set RHOSTS IP
set THREADS 10
run
6. SMB login verification
msfconsole
use auxiliary/scanner/smb/smb_login
show options
set RHOSTS IP
set SMBUser administrator
set THREADS 100
run
7. VNC authentication
msfconsole
use auxiliary/scanner/vnc/vnc_none_auth
show options
set RHOSTS IP
set THREADS 100
run
8. WMAP web scanning (http://www.2cto.com/article/201312/266601.htmls)
msfconsole
load wmap
wmap_sites
wmap_sites -a url
wmap_sites -l
wmap_targets -h
wmap_targets -t url
wmap_targets -l
wmap_run -h
wmap_run -t
---------------------
Note: these notes are taken from the 羽翼課堂 lectures; if they infringe on anything, please contact me and I will delete them.