metasploit-framework/documentation/modules/auxiliary/scanner/portscan/xmas.md

# Description

This module is used to determine if the ports on target machine are closed. In this scan sends probes containing the FIN, PSH and URG flags. 

This scan is faster and stealthier compared to some other scans.Following action are performed depending on the state of ports -

#### Open Port:
Detects an open port via no response to the segment

#### Closed Port: 
Detects that a closed via a RST received in response to the FIN

#### Filtered Port:
Cannot distinguish between a filtered port and an open port

#### Unfiltered Port:
Cannot distinguish between an unfiltered port and a non-stateful filtered port

# Vulnerable Application

  XMAS scan requires the use of raw sockets, and thus cannot be performed from some Windows
  systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges.

# Options

  **PORTS**
  
  This is the list of TCP ports to test on each host.
  Formats like  `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default
  options is to scan `1-10000` ports.
  
  **Timeout**

  This options states the reply read timeout in milliseconds. Default value if `500`.

  **RHOSTS**

  The target address range is defined in this option.

  **VERBOSE**
  
  Gives detailed message about the scan of all the ports. It also shows the
  ports that were not open/filtered.

# Verification Steps

  1. Do: `use auxiliary/scanner/portscan/xmas`
  2. Do: `set RHOSTS [IP]`
  3. Do: `set PORTS [PORTS]`
  4. Do: `run`
  5. The open/filtered ports will be discovered, status will be printed indicating as such.

# Scenarios
  
### Metaspliotable 2

```
msf > use auxiliary/scanner/portscan/xmas
msf auxiliary(xmas) > set rhosts 192.168.45.159
rhosts => 192.168.45.159
msf auxiliary(xmas) > set ports 1-100
ports => 1-100
msf auxiliary(xmas) > run

[*]  TCP OPEN|FILTERED 192.168.45.159:1
[*]  TCP OPEN|FILTERED 192.168.45.159:3
[*]  TCP OPEN|FILTERED 192.168.45.159:5
[*]  TCP OPEN|FILTERED 192.168.45.159:8
[*]  TCP OPEN|FILTERED 192.168.45.159:12
[*]  TCP OPEN|FILTERED 192.168.45.159:14
[*]  TCP OPEN|FILTERED 192.168.45.159:16
[*]  TCP OPEN|FILTERED 192.168.45.159:19
[*]  TCP OPEN|FILTERED 192.168.45.159:21
[*]  TCP OPEN|FILTERED 192.168.45.159:37
[*]  TCP OPEN|FILTERED 192.168.45.159:39
[*]  TCP OPEN|FILTERED 192.168.45.159:41
[*]  TCP OPEN|FILTERED 192.168.45.159:43
[*]  TCP OPEN|FILTERED 192.168.45.159:49
[*]  TCP OPEN|FILTERED 192.168.45.159:52
[*]  TCP OPEN|FILTERED 192.168.45.159:53
[*]  TCP OPEN|FILTERED 192.168.45.159:55
[*]  TCP OPEN|FILTERED 192.168.45.159:57
[*]  TCP OPEN|FILTERED 192.168.45.159:59
[*]  TCP OPEN|FILTERED 192.168.45.159:61
[*]  TCP OPEN|FILTERED 192.168.45.159:63
[*]  TCP OPEN|FILTERED 192.168.45.159:65
[*]  TCP OPEN|FILTERED 192.168.45.159:67
[*]  TCP OPEN|FILTERED 192.168.45.159:69
[*]  TCP OPEN|FILTERED 192.168.45.159:73
[*]  TCP OPEN|FILTERED 192.168.45.159:89
[*]  TCP OPEN|FILTERED 192.168.45.159:91
[*]  TCP OPEN|FILTERED 192.168.45.159:93
[*]  TCP OPEN|FILTERED 192.168.45.159:95
[*]  TCP OPEN|FILTERED 192.168.45.159:97
[*]  TCP OPEN|FILTERED 192.168.45.159:99
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

```
Update xmas.md 2017-10-07 08:40:28 +00:00			`# Description`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00
			`This module is used to determine if the ports on target machine are closed. In this scan sends probes containing the FIN, PSH and URG flags.`

			`This scan is faster and stealthier compared to some other scans.Following action are performed depending on the state of ports -`

Update xmas.md 2017-10-07 08:40:28 +00:00			`#### Open Port:`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00			`Detects an open port via no response to the segment`

Update xmas.md 2017-10-07 08:40:28 +00:00			`#### Closed Port:`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00			`Detects that a closed via a RST received in response to the FIN`

Update xmas.md 2017-10-07 08:40:28 +00:00			`#### Filtered Port:`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00			`Cannot distinguish between a filtered port and an open port`

Update xmas.md 2017-10-07 08:40:28 +00:00			`#### Unfiltered Port:`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00			`Cannot distinguish between an unfiltered port and a non-stateful filtered port`

Update xmas.md 2017-10-07 08:40:28 +00:00			`# Vulnerable Application`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00
			`XMAS scan requires the use of raw sockets, and thus cannot be performed from some Windows`
			`systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges.`

			`# Options`

			`PORTS`

			`This is the list of TCP ports to test on each host.`
			Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default
			options is to scan `1-10000` ports.

			`Timeout`

			This options states the reply read timeout in milliseconds. Default value if `500`.

			`RHOSTS`

			`The target address range is defined in this option.`

			`VERBOSE`

			`Gives detailed message about the scan of all the ports. It also shows the`
			`ports that were not open/filtered.`

			`# Verification Steps`

			1. Do: `use auxiliary/scanner/portscan/xmas`
			2. Do: `set RHOSTS [IP]`
			3. Do: `set PORTS [PORTS]`
			4. Do: `run`
Update xmas.md 2017-10-07 08:40:28 +00:00			`5. The open/filtered ports will be discovered, status will be printed indicating as such.`
Documentation for auxiliary/scanner/portscan/xmas 2017-10-07 08:23:40 +00:00
			`# Scenarios`

			`### Metaspliotable 2`

			```
			`msf > use auxiliary/scanner/portscan/xmas`
			`msf auxiliary(xmas) > set rhosts 192.168.45.159`
			`rhosts => 192.168.45.159`
			`msf auxiliary(xmas) > set ports 1-100`
			`ports => 1-100`
			`msf auxiliary(xmas) > run`

			`[*] TCP OPEN\|FILTERED 192.168.45.159:1`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:3`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:5`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:8`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:12`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:14`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:16`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:19`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:21`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:37`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:39`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:41`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:43`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:49`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:52`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:53`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:55`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:57`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:59`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:61`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:63`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:65`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:67`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:69`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:73`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:89`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:91`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:93`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:95`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:97`
			`[*] TCP OPEN\|FILTERED 192.168.45.159:99`
			`[*] Scanned 1 of 1 hosts (100% complete)`
			`[*] Auxiliary module execution completed`

			```