Domain information gathering
msf > whois <domain>
Collecting email addresses with an auxiliary module
msf > use auxiliary/gather/search_email_collector
msf auxiliary(gather/search_email_collector) > show options
Module options (auxiliary/gather/search_email_collector):
Name           Current Setting  Required  Description
----           ---------------  --------  -----------
DOMAIN                          yes       The domain name to locate email addresses for
OUTFILE                         no        A filename to store the generated email list
SEARCH_BING    true             yes       Enable Bing as a backend search engine
SEARCH_GOOGLE  true             yes       Enable Google as a backend search engine
SEARCH_YAHOO   true             yes       Enable Yahoo! as a backend search engine
Set the domain
msf auxiliary(gather/search_email_collector) > set domain xxxxxx
domain => xxxxxx
Start collecting
msf auxiliary(gather/search_email_collector) > run
[*] Harvesting emails .....
[*] Searching Google for email addresses from xupt.edu.cn
Checking the Telnet service with an auxiliary module
msf auxiliary(gather/search_email_collector) > use auxiliary/scanner/telnet/telnet_version
msf auxiliary(scanner/telnet/telnet_version) > show options
Module options (auxiliary/scanner/telnet/telnet_version):
Name      Current Setting  Required  Description
----      ---------------  --------  -----------
PASSWORD                   no        The password for the specified username
RHOSTS                     yes       The target address range or CIDR identifier
RPORT     23               yes       The target port (TCP)
THREADS   1                yes       The number of concurrent threads
TIMEOUT   30               yes       Timeout for the Telnet probe
USERNAME                   no        The username to authenticate as
Set the options
msf auxiliary(scanner/telnet/telnet_version) > set RHOSTS 172.19.107.190
RHOSTS => 172.19.107.190
msf auxiliary(scanner/telnet/telnet_version) > run
Using an auxiliary module to scan whether remote desktop (RDP) is available
msf auxiliary(scanner/rdp/ms12_020_check) > show options
Module options (auxiliary/scanner/rdp/ms12_020_check):
Name     Current Setting  Required  Description
----     ---------------  --------  -----------
RHOSTS                    yes       The target address range or CIDR identifier
RPORT    3389             yes       Remote port running RDP (TCP)
THREADS  1                yes       The number of concurrent threads
msf auxiliary(scanner/rdp/ms12_020_check) > set RHOSTS 169.254.190.211
RHOSTS => 169.254.190.211
msf auxiliary(scanner/rdp/ms12_020_check) > run
[*] 169.254.190.211:3389 - 169.254.190.211:3389 - Cannot reliably check exploitability.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed