Scanning with msf auxiliary

scanning with msf auxiliary

Scanning the htb network for SMB Ports 445

sudo msfconsole

use auxiliary/scanner/portscan/tcp

show options

set ports 445

set rhosts 10.10.10.0/24

set threads 64

exploit -j

two machines with smb 445 detected

Lets comparte that with nmap

sudo nmap -T5 -Pn -sS -p445 --open --randomize-hosts -oA htb_host445 10.10.10.0/24

nmap shows the same hosts

Let's do another scan with port 80

6 machines with port 80 detected

Compare with nmap

sudo nmap -T5 -Pn -sS -p80 --open --randomize-hosts -oA htb_hosts80 10.10.10.0/24

Convert xml output from nmap to html file

xsltproc htb_hosts80.xml -o htb_hosts80.html

html report from nmap scan

Scan for ssh version

use auxiliary/scanner/ssh/ssh_version

show options

set threads 64

set rhosts 10.10.10.0/24

ssh version result from auxiliary scan