If you don’t know what Metasploit is, check out this article: Metasploit Penetration Framework for Cybersecurity Personnel!
Port scanning
First check the supported port scanning types
ACK firewall scan
use auxiliary/scanner/portscan/ack
SYN Port scanning
use auxiliary/scanner/portscan/syn
Capturing the traffic with Wireshark shows that the scanner sends SYN packets, the first step of the three-way handshake, and determines whether the port is open based on the response packet.
TCP Port scanning
use auxiliary/scanner/portscan/tcp
Wireshark is again used to capture the packets. The TCP scan is similar to the SYN scan, except that the three-way handshake is completed, whereas the SYN scan sends an RST packet straight away to reject the connection.
Xmas scanning
use auxiliary/scanner/portscan/xmas
The Xmas scan sends FIN packets to the target port and determines whether the port is open based on the response.
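The response patterns described in the port-scanning section can be turned into detection logic. The following is an added example, not code from the original article: it classifies probes in a packet summary by their TCP flags and infers the port state the scanner would conclude. The addresses, ports, capture records and the `classify` function are constructed for illustration, and the Xmas probe is modelled with FIN, PSH and URG set.

```python
from collections import defaultdict

# Constructed capture summary: (src, dst, sport, dport, tcp_flags) in arrival order.
# Flags use one letter each: S=SYN A=ACK R=RST F=FIN P=PSH U=URG.
SCANNER, TARGET = "192.0.2.10", "192.0.2.20"
CAPTURE = [
    (SCANNER, TARGET, 40001, 22, "S"), (TARGET, SCANNER, 22, 40001, "SA"),
    (SCANNER, TARGET, 40001, 22, "R"),                       # half-open: RST instead of ACK
    (SCANNER, TARGET, 40002, 80, "S"), (TARGET, SCANNER, 80, 40002, "SA"),
    (SCANNER, TARGET, 40002, 80, "A"),                       # handshake completed
    (SCANNER, TARGET, 40003, 23, "S"), (TARGET, SCANNER, 23, 40003, "RA"),
    (SCANNER, TARGET, 40004, 443, "FPU"),                    # Xmas probe, no reply
    (SCANNER, TARGET, 40005, 25, "FPU"), (TARGET, SCANNER, 25, 40005, "RA"),
    (SCANNER, TARGET, 40006, 3306, "A"), (TARGET, SCANNER, 3306, 40006, "R"),
]

def classify(capture, target):
    """Return {target_port: (probe_type, inferred_state)} for traffic aimed at target."""
    flows = defaultdict(lambda: {"sent": [], "recv": []})
    for src, dst, sport, dport, flags in capture:
        if dst == target:
            flows[(src, sport, dport)]["sent"].append(set(flags))
        elif src == target:
            flows[(dst, dport, sport)]["recv"].append(set(flags))
    result = {}
    for (_, _, port), f in flows.items():
        if not f["sent"]:
            continue
        first, rest, replies = f["sent"][0], f["sent"][1:], f["recv"]
        got_synack = any({"S", "A"} <= r for r in replies)
        got_rst = any("R" in r for r in replies)
        if first == {"S"}:
            state = "open" if got_synack else "closed" if got_rst else "filtered"
            if got_synack and any(s == {"A"} for s in rest):
                kind = "tcp-connect"      # client finished the three-way handshake
            elif got_synack and any("R" in s for s in rest):
                kind = "syn-half-open"    # client reset after SYN/ACK
            else:
                kind = "syn-or-connect"   # closed port looks the same for both scans
        elif first == {"A"}:
            kind, state = "ack", "unfiltered" if got_rst else "filtered"
        elif "F" in first and not first & {"S", "A"}:
            kind, state = "xmas", "closed" if got_rst else "open|filtered"
        else:
            kind, state = "other", "unknown"
        result[port] = (kind, state)
    return result
```

Many ports from one source showing the `syn-half-open`, `xmas` or `ack` patterns in a short window are a practical alerting signal, since normal clients do not produce them.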
Web information scanning
Scanning network directories
use auxiliary/scanner/http/dir_scanner
Wireshark shows that the module scans the website by sending GET requests.
Server software Scan
use auxiliary/scanner/http/http_version
The principle is also very simple: the module obtains the content of the HTTP response packet.
XSS vulnerability scanning
use auxiliary/scanner/http/trace
The principle: JS code is injected through the URL to determine whether there is an XSS vulnerability.
WebDAV scanning
use auxiliary/scanner/http/webdav_scanner
Information collection
SSH Version Collection
use auxiliary/scanner/ssh/ssh_version
The module sends a packet to SSH port 22 to obtain the SSH version.
MySQL Version Collection
use auxiliary/scanner/mysql/mysql_version
The module scans MySQL port 3306 by sending packets.
Infiltration attack
Apache DoS attack
use auxiliary/dos/http/apache_range_dos
The module attacks port 80 by sending large packets.