The port-scanning techniques in common use today fall into the following categories: TCP Connect, TCP SYN, TCP ACK and TCP FIN.
Port scanners in Metasploit
Metasploit's auxiliary modules include several practical port scanners. Enter the search portscan command to list them, as shown below:
root@kali:~# msfconsole
......
msf > search portscan

Matching Modules
================

   Name                                              Disclosure Date  Rank    Description
   ----                                              ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator
   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner
   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner
   auxiliary/scanner/sap/sap_router_portscanner                       normal  SAPRouter Port Scanner

msf >
Using the ack scan module in Metasploit
msf > use auxiliary/scanner/portscan/ack
msf auxiliary(ack) > set RHOSTS 202.193.58.13
RHOSTS => 202.193.58.13
msf auxiliary(ack) > set THREADS 20
THREADS => 20
msf auxiliary(ack) > run
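The scan types listed at the top of this page (and the syn, ack and xmas modules above) differ mainly in the TCP flags each probe carries, which is also what a defender keys on. The following Python script is an added example, not code from this page or from Metasploit: it classifies constructed flow records (source, destination, port, flags) by probe type and reports sources sweeping several ports. The record layout, the sample addresses and the port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not captured traffic): (src, dst, dport, tcp_flags)
# Flag letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST.
SAMPLE_RECORDS = [
    ("10.0.0.5", "10.0.0.10", 22, "S"),
    ("10.0.0.5", "10.0.0.10", 80, "S"),
    ("10.0.0.5", "10.0.0.10", 443, "S"),
    ("10.0.0.5", "10.0.0.10", 3306, "S"),
    ("10.0.0.7", "10.0.0.10", 22, "A"),
    ("10.0.0.7", "10.0.0.10", 25, "A"),
    ("10.0.0.7", "10.0.0.10", 80, "A"),
    ("10.0.0.9", "10.0.0.10", 443, "FPU"),
    ("10.0.0.9", "10.0.0.10", 8080, "FPU"),
    ("10.0.0.11", "10.0.0.10", 443, "SA"),  # handshake reply, ordinary traffic
    ("10.0.0.12", "10.0.0.10", 80, "S"),    # single probe, stays below threshold
]

# Probe types from the text: a lone SYN (SYN/half-open scan, and also the first packet
# of a Connect scan), a lone ACK (ACK scan, which maps firewall filtering rather than
# open ports), a lone FIN (FIN scan) and FIN+PSH+URG (XMas scan).
PROBE_TYPES = {
    frozenset("S"): "SYN",
    frozenset("A"): "ACK",
    frozenset("F"): "FIN",
    frozenset("FPU"): "XMAS",
}


def classify_probe(flags):
    """Return the scan type for one packet's flag set, or None for normal-looking traffic."""
    return PROBE_TYPES.get(frozenset(flags))


def find_scanners(records, min_ports=3):
    """Group probes per (source, type); report sources touching >= min_ports distinct ports."""
    ports = defaultdict(set)
    for src, _dst, dport, flags in records:
        kind = classify_probe(flags)
        if kind:
            ports[(src, kind)].add(dport)
    return {key: sorted(p) for key, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for (src, kind), hit in find_scanners(SAMPLE_RECORDS).items():
        print(f"{src}: {kind} scan against {len(hit)} ports {hit}")
```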
Using the ftpbounce scan module in Metasploit
msf > use auxiliary/scanner/portscan/ftpbounce