1.9 KiB
Description
This module will attempt to initiate a TCP/IP connection with ports on the victim machine. It is this done by sending a SYN packet, and if victim replies with a SYN/ACK packet that means the port is open. Then the attacker sends a RST packet, and as a result the victim's machine assumes that there is a communication error. The attacker now knows the state of port without a full tcp connection. Major benefit of TCP SYN scan is that most logging applications do not log the TCP/RST by default.
Options
PORTS
This is the list of TCP ports to test on each host.
Formats like 1-3, 1,2,3, 1,2-3, etc. are all supported. Default
options is to scan 1-10000 ports.
TIMEOUT
Maximum time to wait for a response. The default value is 500 milliseconds.
VERBOSE
Gives detailed message about the scan of all the ports. It also shows the ports that were closed.
Verification Steps
- Do:
use auxiliary/scanner/portscan/syn - Do:
set RHOSTS [IP] - Do:
set PORTS [PORTS] - Do:
run - If any of the TCP ports were open they will be discovered, status will be printed indicating as such.
Scenarios
Metaspliotable 2
msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) > set RHOSTS 192.168.45.159
RHOSTS => 192.168.45.159
msf auxiliary(syn) > set PORTS 1-10000
PORTS => 1-10000
msf auxiliary(syn) > run
[*] TCP OPEN 192.168.45.159:22
[*] TCP OPEN 192.168.45.159:23
[*] TCP OPEN 192.168.45.159:111
[*] TCP OPEN 192.168.45.159:445
[*] TCP OPEN 192.168.45.159:512
[*] TCP OPEN 192.168.45.159:513
[*] TCP OPEN 192.168.45.159:1099
[*] TCP OPEN 192.168.45.159:2121
[*] TCP OPEN 192.168.45.159:3306
[*] TCP OPEN 192.168.45.159:3632
[*] TCP OPEN 192.168.45.159:6000
[*] TCP OPEN 192.168.45.159:6697
[*] TCP OPEN 192.168.45.159:8009
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed