metasploit - network discovery

run msfconsole as root, otherwise you cannot scan UDP from within the framework

workspace

workspace -h
workspace -v

==> default is fine

host scan

ping scan to begin with

db_nmap -sn -T3 x.x.x.x/x

host + service scan

then an easy-peasy top 1000 ports scan for the hosts that did not answer the ping (-Pn skips host discovery)

db_nmap -Pn -sV -A -T3 x.x.x.x/x
# -sTUV
# -sS -n -v

alternate port scan

use auxiliary/scanner/portscan/tcp
show options

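hosts already known to the database go into RHOSTS with hosts -R

# after the ping scan: all known hosts
hosts -R

# after the top 1000 & OS scan: only the hosts matching Linux
hosts -S Linux -R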

run

host scan results

hosts
hosts -c address,os_name,os_flavor
hosts -S Linux

service scan results

services
services -c name,info
services -c info,name -p 445
services -c port,proto,state -p 80,443

Resources

usage

https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit

https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/

https://www.andreafortuna.org/2017/12/11/metasploit-console-my-own-cheatsheet/

https://www.rapid7.com/db/modules/

http://www.digitalbond.com/blog/2010/07/14/metasploit-basics-%E2%80%93-part-4-exploit-and-attack-example/

rhosts on file

http://travisaltman.com/metasploit-set-rhosts-file/

meterpreter

https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

https://docs.rapid7.com/metasploit/manage-meterpreter-and-shell-sessions/

https://security.stackexchange.com/questions/219877/how-to-connect-to-a-meterpreter-session-opened-manually-on-the-target-machine

sessions

https://www.hackingarticles.in/sessions-command-metasploit/

database

https://www.offensive-security.com/metasploit-unleashed/using-databases/

write your own

https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-an-exploit

https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer


Copyright © 2024 Pierre-Philipp Braun