Land #8866 tcp scanner docs

bug/bundler_fix 4.16.1
h00die 2017-08-23 20:23:51 -04:00
commit 899c2cc6fa
No known key found for this signature in database
GPG Key ID: C5A9D25D1457C971
1 changed files with 71 additions and 0 deletions

View File

@ -0,0 +1,71 @@
## Description
This module will enumerate open TCP services by performing a full TCP connect on each port. This will establish a complete three-way handshake (SYN -> SYN/ACK -> ACK) on the target port. This does not need administrative privileges on the source machine, which may be useful if pivoting.
## Vulnerable Application
Any reachable TCP endpoint is a potential target.
## Options
**PORTS**
This is the list of ports to test for TCP Scan on each host.
Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default
options is to scan `1-10000` ports.
**ConnectTimeout**
This options states the maximum number of seconds to establish a tcp
connection. Default value if `10`.
**VERBOSE**
Gives detailed message about the scan of all the ports. It also shows the
ports that were closed.
## Verification Steps
1. Do: ```use auxiliary/scanner/portscan/tcp```
2. Do: ```set RHOSTS [IP]```
3. Do: ```set PORTS [PORTS]```
4. Do: ```run```
## Scenarios
### Metaspliotable 2
```
msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 192.168.45.159
msf auxiliary(tcp) > set PORTS 1-10000
msf auxiliary(tcp) > run
[*] 192.168.45.159: - 192.168.45.159:25 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:21 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:23 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:22 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:53 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:80 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:111 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:139 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:445 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:513 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:514 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:512 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:1099 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:1524 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:2049 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:2121 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:3306 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:3632 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:5432 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:5900 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:6000 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:6667 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:6697 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:8009 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:8180 - TCP OPEN
[*] 192.168.45.159: - 192.168.45.159:8787 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```