# Scanning with msf auxiliary ### scanning with msf auxiliary Scanning the htb network for SMB Ports 445 > sudo msfconsole > > use auxiliary/scanner/portscan/tcp > > show options > > set ports 445 > > set rhosts 10.10.10.0/24 > > set threads 64 > > exploit -j ![two machines with smb 445 detected](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhVGGytTDVQp2KX8yLD%2F-MhYMncnbL7yzOhr0kQW%2Faux01.png?alt=media\&token=a9419b95-b1e8-42c1-b4f7-64050bdad6d9) Lets comparte that with nmap > sudo nmap -T5 -Pn -sS -p445 --open --randomize-hosts -oA htb\_host445 10.10.10.0/24 ![nmap shows the same hosts](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhVGGytTDVQp2KX8yLD%2F-MhYNo0btSHFk-hKUv5Z%2Fnmap04.png?alt=media\&token=1a0486b0-de89-453c-83db-de224dda455d) Let's do another scan with port 80 ![6 machines with port 80 detected](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhVGGytTDVQp2KX8yLD%2F-MhYPZSdPB8dbPLC7AK_%2Faux02.png?alt=media\&token=494e39ea-b8f3-4478-9e24-b270329331c0) Compare with nmap > sudo nmap -T5 -Pn -sS -p80 --open --randomize-hosts -oA htb\_hosts80 10.10.10.0/24 Convert xml output from nmap to html file > xsltproc htb\_*hosts80.xml -o htb*\_hosts80.html

Scan for ssh version > use auxiliary/scanner/ssh/ssh\_version > > show options > > set threads 64 > > set rhosts 10.10.10.0/24 ![ssh version result from auxiliary scan](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MfT0VPyK6X13Egd9pzy%2F-MhVGGytTDVQp2KX8yLD%2F-MhYUtcCtx9tx_UL5Lf2%2Faux03.png?alt=media\&token=077a5cde-9217-4d28-80b5-7995756b7d89)