下面附上内网渗透中可能用得上的
msf
模块
scanner/portscan/syn SYN
端口扫描
scanner/portscan/tcp TCP 端口扫描
scanner/portscan/tcp TCP 端口扫描
auxiliary/scanner/smb/smb_login SMB
登录测试扫描
use windows/smb/psexec SMB 登录,可用 hash 登录
auxiliary/scanner/smb/smb_version 系统版本扫描
use windows/smb/psexec SMB 登录,可用 hash 登录
auxiliary/scanner/smb/smb_version 系统版本扫描
auxiliary/admin/smb/psexec_command SMB
登录并且执行特定命令
admin/mssql/mssql_enum MSSQL
枚举
admin/mssql/mssql_exec MSSQL 执行 sql 语句
admin/mssql/mssql_exec MSSQL 执行 sql 语句
admin/mssql/mssql_sql MSSQL
查询
scanner/mssql/mssql_login MSSQL 登陆测试扫描
scanner/mssql/mssql_ping 扫描 mssql 开放端口主机(不止扫描 1433tcp 端口, 1434UDP 端口也是探测的项目,因为 1433TCP 端口可能修改,但是 UDP 端口不会改)
scanner/mssql/mssql_login MSSQL 登陆测试扫描
scanner/mssql/mssql_ping 扫描 mssql 开放端口主机(不止扫描 1433tcp 端口, 1434UDP 端口也是探测的项目,因为 1433TCP 端口可能修改,但是 UDP 端口不会改)
各种针对
mssql
的
exp
,
search mssql
就可以了
auxiliary/scanner/ssh/ssh_login ssh
登录
auxiliary/scanner/ssh/ssh_version ssh 版本扫描
auxiliary/scanner/ssh/ssh_version ssh 版本扫描
auxiliary/admin/mysql/mysql_enum mysql
枚举
auxiliary/admin/mysql/mysql_sql mysql
语句执行
auxiliary/scanner/mysql/mysql_login mysql
登录测试扫描
以及各种针对
mysql
的
exp
,
search mysql
就可以了
端口扫描
auxiliary/scanner/portscan
scanner/portscan/ack ACK防火墙扫描
scanner/portscan/ftpbounce FTP跳端口扫描
scanner/portscan/syn SYN端口扫描
scanner/portscan/tcp TCP端口扫描
scanner/portscan/xmas TCP"XMas"端口扫描
SMB扫描
smb枚举auxiliary/scanner/smb/smb_enumusers
返回DCERPC信息auxiliary/scanner/smb/pipe_dcerpc_auditor
扫描SMB2协议auxiliary/scanner/smb/smb2
扫描smb共享文件auxiliary/scanner/smb/smb_enumshares
枚举系统上的用户auxiliary/scanner/smb/smb_enumusers
SMB登录auxiliary/scanner/smb/smb_login
SMB登录use windows/smb/psexec(通过md5值登录)
扫描组的用户auxiliary/scanner/smb/smb_lookupsid
扫描系统版本auxiliary/scanner/smb/smb_version
mssql扫描(端口tcp1433udp1434)
admin/mssql/mssql_enum MSSQL枚举
admin/mssql/mssql_exec MSSQL执行命令
admin/mssql/mssql_sql MSSQL查询
scanner/mssql/mssql_login MSSQL登陆工具
scanner/mssql/mssql_ping 测试MSSQL的存在和信息
另外还有一个mssql_payload的模块 利用使用的
smtp扫描
smtp枚举auxiliary/scanner/smtp/smtp_enum
扫描smtp版本auxiliary/scanner/smtp/smtp_version
snmp扫描
通过snmp扫描设备auxiliary/scanner/snmp/community
ssh扫描
ssh登录auxiliary/scanner/ssh/ssh_login
ssh公共密钥认证登录auxiliary/scanner/ssh/ssh_login_pubkey
扫描ssh版本测试auxiliary/scanner/ssh/ssh_version
telnet扫描
telnet登录auxiliary/scanner/telnet/telnet_login
扫描telnet版本auxiliary/scanner/telnet/telnet_version
tftp扫描
扫描tftp的文件auxiliary/scanner/tftp/tftpbrute
ftp版本扫描scanner/ftp/anonymous
ARP扫描
auxiliary/scanner/discovery/arp_sweep
扫描UDP服务的主机auxiliary/scanner/discovery/udp_probe
检测常用的UDP服务auxiliary/scanner/discovery/udp_sweep
sniffer密码auxiliary/sniffer/psnuffle
snmp扫描scanner/snmp/community
vnc扫描无认证扫描scanner/vnc/vnc_none_auth
auxiliary/scanner/portscan
scanner/portscan/ack ACK防火墙扫描
scanner/portscan/ftpbounce FTP跳端口扫描
scanner/portscan/syn SYN端口扫描
scanner/portscan/tcp TCP端口扫描
scanner/portscan/xmas TCP"XMas"端口扫描
SMB扫描
smb枚举auxiliary/scanner/smb/smb_enumusers
返回DCERPC信息auxiliary/scanner/smb/pipe_dcerpc_auditor
扫描SMB2协议auxiliary/scanner/smb/smb2
扫描smb共享文件auxiliary/scanner/smb/smb_enumshares
枚举系统上的用户auxiliary/scanner/smb/smb_enumusers
SMB登录auxiliary/scanner/smb/smb_login
SMB登录use windows/smb/psexec(通过md5值登录)
扫描组的用户auxiliary/scanner/smb/smb_lookupsid
扫描系统版本auxiliary/scanner/smb/smb_version
mssql扫描(端口tcp1433udp1434)
admin/mssql/mssql_enum MSSQL枚举
admin/mssql/mssql_exec MSSQL执行命令
admin/mssql/mssql_sql MSSQL查询
scanner/mssql/mssql_login MSSQL登陆工具
scanner/mssql/mssql_ping 测试MSSQL的存在和信息
另外还有一个mssql_payload的模块 利用使用的
smtp扫描
smtp枚举auxiliary/scanner/smtp/smtp_enum
扫描smtp版本auxiliary/scanner/smtp/smtp_version
snmp扫描
通过snmp扫描设备auxiliary/scanner/snmp/community
ssh扫描
ssh登录auxiliary/scanner/ssh/ssh_login
ssh公共密钥认证登录auxiliary/scanner/ssh/ssh_login_pubkey
扫描ssh版本测试auxiliary/scanner/ssh/ssh_version
telnet扫描
telnet登录auxiliary/scanner/telnet/telnet_login
扫描telnet版本auxiliary/scanner/telnet/telnet_version
tftp扫描
扫描tftp的文件auxiliary/scanner/tftp/tftpbrute
ftp版本扫描scanner/ftp/anonymous
ARP扫描
auxiliary/scanner/discovery/arp_sweep
扫描UDP服务的主机auxiliary/scanner/discovery/udp_probe
检测常用的UDP服务auxiliary/scanner/discovery/udp_sweep
sniffer密码auxiliary/sniffer/psnuffle
snmp扫描scanner/snmp/community
vnc扫描无认证扫描scanner/vnc/vnc_none_auth