You are currently viewing How to use Metasploit
Metasploit scanning

How to use Metasploit

Metasploit

Metasploit is an exploitation and vulnerability validation tool that helps you divide the penetration testing workflow into smaller and more manageable tasks. With Metasploit Pro, you can leverage the power of the Metasploit Framework and its exploit database through a web based user interface to perform security assessments and vulnerability validation. READ MORE

Lab Setup

Metasploit_lab

 When your target systems are located on the same network as your attacking machine, you can enumerate system by performing and ARP scan

Open the Metasploit

** Open terminal **
** Run Command **
$sudo msfdb init && sudo msfconsole
Metasploit_tg8_01

// ---- ARP Sweep ----//

> search arp_sweep
Metasploit_tg8

To perform the ARP scanning we need to pass our MAC address and source IP address to the scanner for it to function properly.

> set RHOSTS 192.168.56.100-200
Metasploit_p3
> set SHOST 192.168.1.105
Metasploit_tg8
> set SMAC 08:00:27:a6:1f:86
Metasploit
> set thread 50
metasploit_p6
> run
metasploit_p7

// ---- UDP Sweep ----//

The udp_sweep module scans across a give range of hosts to detect commonly available UDP services.

Open the Metasploit

** Open terminal **
** Run Command **
$sudo msfdb init && sudo msfconsole
Metasploit_tg8_01
> search udp_sweep
> use auxiliary/scanner/discovery/udp_sweep
> show options
> set RHOSTS 192.168.56.100-200
> set thread 250
> run

// ---- IMAP Version ----//

The imap_version auxiliary module is relatively simple banner grabber for IMAP servers. To configure the module, we will only set the RHOST and THREADS values and let it run.

Open the Metasploit

** Open terminal **
** Run Command **
$sudo msfdb init && sudo msfconsole
Metasploit_tg8_01
> search imap_version
> use auxiliary/scanner/imap/imap_version
> show options
> set RHOSTS 192.168.56.100-200
> set thread 40
> run

The latest tips and news from the industry straight to your inbox!

Join subscription for execlusive access to our monthly newsletter with insight to the cyber security.

Leave a Reply