Compiling this took effort; please include the original link when reposting: https://www.cnblogs.com/Yang34/p/12343672.html
Addendum: connecting msf to the database
Used together with nmap, as follows:
Discovering internal network services
use auxiliary/scanner/http/http_version    discover HTTP services
use auxiliary/scanner/http/title
use scanner/smb/smb_version    discover SMB services
use scanner/ftp/ftp_version    discover FTP services (no FTP was configured here)
use auxiliary/scanner/ssh/ssh_version    discover SSH services
use auxiliary/scanner/mysql/mysql_version    discover MySQL services
Discovering live internal hosts and open ports
use auxiliary/scanner/portscan/ack
use auxiliary/scanner/portscan/tcp
use auxiliary/scanner/portscan/syn
use auxiliary/scanner/netbios/nbname
use scanner/discovery/arp_sweep
use scanner/discovery/udp_sweep
use auxiliary/scanner/discovery/udp_probe
use auxiliary/scanner/dns/dns_amp
use auxiliary/scanner/rdp/rdp_scanner
Some probing to run once a compromised host checks in
run windows/gather/arp_scanner RHOSTS=192.168.5.125-132 THREADS=20
To discover live hosts in the domain, use: