Metasploit Auxiliary Scanning Modules


Introduction

The Metasploit Framework is a powerful open-source tool used for penetration testing, vulnerability assessment, and exploit development. While it is famous for its vast collection of exploits, it also includes a suite of "auxiliary" modules. These modules perform tasks that don't involve direct exploitation, such as scanning, fuzzing, sniffing, and reconnaissance.

In this lab, you will learn how to use one of Metasploit's most fundamental auxiliary modules: the TCP port scanner. You will learn how to select a module, configure its options like target hosts and ports, and execute the scan to discover open ports on a target machine.

Use Port Scanner Module with use auxiliary/scanner/portscan/tcp

In this step, you will start the Metasploit Framework console and select the TCP port scanner module.

First, you need to launch the Metasploit console. This is the primary interface for interacting with the framework. Open your terminal and run the following command:

msfconsole -q

The -q flag stands for "quiet," which suppresses the startup banner for a cleaner interface. Once it loads, you'll see the Metasploit command prompt, which looks like msf >.

Next, you will use the use command to select the auxiliary module for TCP port scanning. This command loads the specified module and prepares it for configuration.

Type the following command into the Metasploit prompt:

use auxiliary/scanner/portscan/tcp

After executing the command, you will notice that your prompt changes to reflect the currently loaded module. This confirms that you are now working within the context of the TCP port scanner.

Your prompt should now look like this:

msf auxiliary(scanner/portscan/tcp) >

Set Scan Range with set RHOSTS 192.168.1.0/24

In this step, you will configure the target for your scan. In Metasploit, the target hosts are defined by the RHOSTS (Remote Hosts) variable.

Before running a module, you must tell it where to direct its actions. The set command is used to configure module options. RHOSTS can be a single IP address, a hostname, a range of IPs (e.g., 192.168.1.10-192.168.1.20), or a network range in CIDR notation (e.g., 192.168.1.0/24).

For this lab, we will scan the local machine to find the services that were started by the setup script. The IP address for the local machine is 127.0.0.1.

Use the set command to define your target:

set RHOSTS 127.0.0.1

Metasploit will confirm the setting by printing the variable and its new value:

RHOSTS => 127.0.0.1

To see all available options for the current module and verify your settings, you can use the show options command at any time.

Configure Ports with set PORTS 1-1000

In this step, you will specify which ports to scan on the target host. By default, the scanner might only check a small list of common ports. To perform a more thorough scan, you need to configure the PORTS variable.

The PORTS option accepts a comma-separated list of ports (e.g., 22,80,443) or a range of ports (e.g., 1-1024). The setup script for this lab started services on ports 999 and 8000. To ensure our scan finds them, we will scan a wide range of ports.

Let's set the port range from 1 to 10000. Use the set command again:

set PORTS 1-10000

The console will confirm the change:

PORTS => 1-10000

Now your scanner is configured to check every port from 1 to 10000 on the target host 127.0.0.1.

Run Scan with run Command

In this step, you will execute the port scan. With the module selected and all necessary options (RHOSTS and PORTS) configured, you are ready to launch the scanner.

The run command (or its alias, exploit) tells Metasploit to execute the currently loaded module with the settings you have provided.

To start the scan, simply type:

run

Metasploit will begin the scanning process. It will attempt to connect to each port in the specified range on the target host. When it finds a port that is open, it will print a message to the console. You should see output indicating the open ports that we set up earlier.

The output will look similar to this:

[+] 127.0.0.1             - 127.0.0.1:22 - TCP OPEN
[+] 127.0.0.1             - 127.0.0.1:3002 - TCP OPEN
[+] 127.0.0.1             - 127.0.0.1:3001 - TCP OPEN
[+] 127.0.0.1             - 127.0.0.1:5433 - TCP OPEN
[*] 127.0.0.1             - Scanned 1 of 1 hosts (100% complete)

This output confirms that the scanner successfully identified the open ports on the local machine.
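The four steps above, carried through in one added example that is not part of the lab: it builds the equivalent non-interactive msfconsole invocation (the real -x flag runs console commands and exit), performs the same per-port TCP connect check the module makes against a throwaway local listener, and parses the "[+] ... TCP OPEN" lines into a structure that can be compared with the ports the setup script was expected to open. Function names and SAMPLE_OUTPUT are constructed for this example.

```python
import re
import socket

# Constructed sample in the format the module prints (not captured from a real run)
SAMPLE_OUTPUT = """\
[+] 127.0.0.1             - 127.0.0.1:22 - TCP OPEN
[+] 127.0.0.1             - 127.0.0.1:999 - TCP OPEN
[+] 127.0.0.1             - 127.0.0.1:3001 - TCP OPEN
[*] 127.0.0.1             - Scanned 1 of 1 hosts (100% complete)
"""

# Matches the "[+] <host> - <ip>:<port> - TCP OPEN" lines; "[*]" progress lines are ignored
OPEN_RE = re.compile(r"^\[\+\]\s+(\S+)\s+-\s+(\S+):(\d+)\s+-\s+TCP OPEN$")

def parse_open_ports(output):
    """Return {host: sorted list of open ports} parsed from portscan/tcp console output."""
    found = {}
    for line in output.splitlines():
        m = OPEN_RE.match(line.strip())
        if m:
            found.setdefault(m.group(2), set()).add(int(m.group(3)))
    return {host: sorted(ports) for host, ports in found.items()}

def unexpected_ports(found, baseline):
    """Open ports not in the expected baseline, e.g. the 999/8000 the lab setup script starts."""
    return {h: [p for p in ports if p not in baseline] for h, ports in found.items()}

def msfconsole_command(rhosts, ports):
    """Same steps as the lab, run non-interactively: msfconsole -x runs the commands, then exit."""
    cmds = f"use auxiliary/scanner/portscan/tcp; set RHOSTS {rhosts}; set PORTS {ports}; run; exit"
    return ["msfconsole", "-q", "-x", cmds]

def tcp_connect_check(host, port, timeout=0.5):
    """One full TCP connect, which is what the module attempts for every port in PORTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def scan_ports(host, ports, timeout=0.5):
    """Connect scan over an iterable of ports; returns the open ones in order."""
    return [p for p in ports if tcp_connect_check(host, p, timeout)]

def open_listener(host="127.0.0.1"):
    """Throwaway listening socket on an ephemeral port, so the scan has a known-open target."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]
```

Comparing parsed results against a baseline is the defender's use of the same scan: any port in the "unexpected" list is a service nobody planned for on that host.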

Analyze Scan Results with jobs -l

In this step, you will learn how to manage Metasploit tasks as background jobs. While the scan results were printed directly to your screen in the previous step, longer tasks are often run in the background to keep the console free for other commands.

To run a module as a background job, you can add the -j flag to the run command. Let's try this with our port scanner.

run -j

This time, instead of waiting for the scan to finish, you will immediately get the prompt back. Metasploit will inform you that the module is running as a background job.

[*] Auxiliary module running as background job 1.

Press Enter to continue.

To see a list of all running background jobs, you can use the jobs command. The -l flag provides a more detailed listing.

jobs -l

The output will show you the job's ID, name, and status.

Jobs
====

  Id  Name                             Payload  Payload opts
  --  ----                             -------  ------------
  1   Auxiliary: scanner/portscan/tcp

The jobs command is essential for managing multiple tasks, such as running a long scan while configuring another exploit. You can interact with jobs using their ID, for example, to view their output or to stop them.

Summary

Congratulations on completing the lab! You have successfully used a Metasploit auxiliary module to perform a network port scan.

In this lab, you learned how to:

  • Launch the Metasploit Framework console (msfconsole).
  • Select an auxiliary module using the use command.
  • Configure module options like RHOSTS and PORTS with the set command.
  • Execute a module with the run command.
  • Run modules as background tasks and manage them with the jobs command.

Port scanning is a critical first step in any penetration test, and Metasploit provides a powerful and flexible way to perform this task. This is just one of hundreds of auxiliary modules available. We encourage you to explore other modules for different types of scanning and reconnaissance.