Metasploit Cheat Sheet 2.0
Modules for using Metasploit
INFORMATION GATHERING
msf > use auxiliary/gather/enum_dns
msf auxiliary(enum_dns) > set DOMAIN packtpub.com
DOMAIN => packtpub.com
msf auxiliary(enum_dns) > set THREADS 10
msf auxiliary(enum_dns) > set ENUM_BRT true
msf auxiliary(enum_dns) > run
msf > use auxiliary/gather/corpwatch_lookup_name
msf > use auxiliary/gather/searchengine_subdomains_collector
msf > use auxiliary/gather/censys_search
msf auxiliary(censys_search) > set CENSYS_DORK packtpub.com
CENSYS_DORK => packtpub.com
msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE ipv4
CENSYS_SEARCHTYPE => ipv4
msf auxiliary(censys_search) > set CENSYS_SECRET JIxvPzj0RJkqOqd9cFNRYqNkHzH7E3en
CENSYS_SECRET => JIxvPzj0RJkqOqd9cFNRYqNkHzH7E3en
msf auxiliary(censys_search) > set CENSYS_UID ec421f73-d438-1c48-15b3-5de240bef531
CENSYS_UID => ec421f73-d438-1c48-15b3-5de240bef531
msf auxiliary(censys_search) > run
...
[+] 138.68.148.235 - 443/https,22/ssh,80/http
[+] 83.166.169.235 - 80/http
[+] 83.166.169.228 - 80/http
[+] 151.248.166.228 - 443/https,80/http
[+] 151.248.166.228 - 443/https,80/http
[*] Auxiliary module execution completed
msf auxiliary(censys_search) >
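The module prints one `[+] IP - port/service,...` line per result, and the same host can show up more than once (as the last two lines above do). The following Python script is an added example, not part of the original page or of Metasploit: it parses output in that shape into a per-host inventory, merges duplicate hosts, and answers the two review questions a defender usually asks first (which hosts expose SSH, which serve only plain HTTP). The function names are my own, and the sample text is constructed from the output shown above.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the censys_search output above,
# including status lines and the duplicated last host.
SAMPLE_OUTPUT = """\
[*] Searching Censys...
[+] 138.68.148.235 - 443/https,22/ssh,80/http
[+] 83.166.169.235 - 80/http
[+] 83.166.169.228 - 80/http
[+] 151.248.166.228 - 443/https,80/http
[+] 151.248.166.228 - 443/https,80/http
[*] Auxiliary module execution completed
"""

# Only result lines ([+]) carry a host; status lines ([*]) are skipped.
RESULT_RE = re.compile(
    r"^\[\+\]\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+-\s+(?P<services>\S+)$"
)


def parse_results(text):
    """Return {ip: {port: service}} from module output, merging duplicate hosts."""
    inventory = defaultdict(dict)
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("services").split(","):
            port_str, _, service = entry.partition("/")
            if not port_str.isdigit():
                continue  # tolerate a malformed entry rather than abort the run
            inventory[m.group("ip")][int(port_str)] = service or "unknown"
    return dict(inventory)


def hosts_with_service(inventory, service):
    """Hosts that expose the named service (e.g. 'ssh') on any port."""
    return sorted(ip for ip, ports in inventory.items() if service in ports.values())


def hosts_without_tls(inventory):
    """Hosts that serve plain http but have no https listener."""
    return sorted(
        ip for ip, ports in inventory.items()
        if "http" in ports.values() and "https" not in ports.values()
    )


if __name__ == "__main__":
    inv = parse_results(SAMPLE_OUTPUT)
    for ip, ports in sorted(inv.items()):
        print(ip, ", ".join(f"{p}/{s}" for p, s in sorted(ports.items())))
    print("ssh exposed:", hosts_with_service(inv, "ssh"))
    print("http without https:", hosts_without_tls(inv))
```

Feeding it the real module output (copied from the console or from `spool`) works the same way; the regex ignores everything that is not a result line.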
msf > use auxiliary/gather/shodan_search
msf > use auxiliary/gather/shodan_honeyscore
msf > use auxiliary/gather/search_email_collector
msf > db_nmap -Pn -sTV -T4 --open --min-parallelism 64 --version-all 192.168.216.10 -p -
-Pn : treat all hosts as online, skip host discovery
-sTV : TCP connect scan (-sT) with service version detection (-sV)
-T4 : use timing template 4 so the scan runs faster
--min-parallelism 64 : keep at least 64 probes in flight at a time
--version-all : try every probe in order to identify a more specific version of the service running on an open port
-p - : scan all ports
msf > db_nmap --open -sTV -Pn -p 80,443,8000,8080,8585 --script=http-vhosts,http-userdir-enum,http-apache-negotiation,http-backup-finder,http-config-backup,http-default-accounts,http-methods,http-method-tamper,http-passwd,http-robots.txt,ssl-poodle,ssl-heartbleed,http-webdav-scan,http-iis-webdav-vuln 192.168.216.10
msf > use auxiliary/scanner/discovery/arp_sweep
msf5 > use auxiliary/scanner/discovery/udp_sweep
msf5 > use auxiliary/scanner/smb/smb_enumshares
msf > use auxiliary/scanner/smb/smb_version
msf > use auxiliary/scanner/ssh/ssh_login
NESSUS
Update Nessus Activation Code
./nessuscli fetch --register <code>
In Metasploit:
load nessus
nessus_help
nessus_connect <user>:<passwd>@127.0.0.1
You have to create a Nessus policy in the web client before you can use it from Metasploit.
This post is licensed under CC BY 4.0 by the author.