ClsHack:Computer Security Blog    

Metasploit for Information Gathering :D


I have already spoken of Information Gathering, which:
[tutorial]Tool for Information Gathering

From Wikipedia, in general:

Intelligence assessment is the development of forecasts of behaviour or recommended courses of action to the leadership of an organization, based on a wide range of available information sources both overt and covert. Assessments are developed in response to requirements declared by the leadership in order to inform decision making. Assessment may be carried out on behalf of a state, military or commercial organisation with a range of available sources of information available to each.
An intelligence assessment reviews both available information and previous assessments for relevance and currency, where additional information is required some collection may be directed by the analyst.

With Metasploit you can replace all the tools mentioned above, such as theHarvester, HTTP banner grabbers, DirBuster and the like :)

Let's see how to proceed :D
The first thing to do, as always, is to update Metasploit:

sudo msfupdate

We start Metasploit:
sudo msfconsole

Now let's look at the modules:
search auxiliary/gather/
A series of modules for looking up all sorts of things will appear; I should say that there is still some confusion about the management of categories in Metasploit :)

Let's see how to find some email addresses :D
use auxiliary/gather/search_email_collector
We look at the options:
show options
And to run it:
set domain NAME.EXAMPLE

and
run
Example:
set domain gmail.com
run
To find subdomains we can use the module:
use auxiliary/gather/dns_enum
set domain WEBSITE
and
run

Other useful scanners, which are not in the gather category, are the following:

HTTP:
auxiliary/scanner/http/backup_file
auxiliary/scanner/http/apache_userdir_enum
auxiliary/scanner/http/brute_dirs
auxiliary/scanner/http/crawler
auxiliary/scanner/http/dir_scanner
auxiliary/scanner/http/dir_listing
auxiliary/scanner/http/files_dir
auxiliary/scanner/http/http_version
auxiliary/scanner/http/http_put
auxiliary/scanner/http/options
auxiliary/scanner/http/robots_txt
auxiliary/scanner/http/ssl
auxiliary/scanner/http/svn_scanner
auxiliary/scanner/http/trace
auxiliary/scanner/http/vhost_scanner
auxiliary/scanner/http/web_vulndb
auxiliary/scanner/http/webdav_internal_ip
auxiliary/scanner/http/webdav_scanner
FTP:
auxiliary/scanner/ftp/anonymous
auxiliary/scanner/ftp/ftp_login
auxiliary/scanner/ftp/ftp_version
PORT SCANNER:
auxiliary/scanner/portscan/ack
auxiliary/scanner/portscan/ftpbounce
auxiliary/scanner/portscan/syn
auxiliary/scanner/portscan/tcp
auxiliary/scanner/portscan/xmas
OTHER
auxiliary/scanner/ssh/ssh_version
auxiliary/scanner/ssh/ssh_login_pubkey
auxiliary/scanner/ssh/ssh_identify_pubkeys
auxiliary/scanner/snmp/snmp_set
auxiliary/scanner/snmp/snmp_enumusers
auxiliary/scanner/snmp/snmp_enumshares
auxiliary/scanner/snmp/snmp_enum
auxiliary/scanner/smtp/smtp_version
auxiliary/scanner/smtp/smtp_enum
auxiliary/scanner/sip/enumerator
auxiliary/scanner/sip/options
auxiliary/scanner/voice/recorder
auxiliary/scanner/vnc/vnc_none_auth
auxiliary/scanner/x11/open_x11

For the local network you can use a ready-made script in Metasploit :D
sudo msfupdate
We set a global RHOSTS:
setg RHOSTS 192.168.1.1/24
Now we set up the database
(see the first part of this guide =>
Tutorial Metasploit WMAP 1.0 :))
sudo service postgresql start
db_connect backbox:password@127.0.0.1:5432/metasploit3
We start the script :D

resource basic_discovery.rc
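basic_discovery.rc is a script that ships with Metasploit; as an added example (not the original script and not from the post), here is a small resource file of my own that replays the steps above against the post's lab range, so the same discovery runs can be repeated and their output kept for comparison against the inventory of the network you administer. It assumes the PostgreSQL setup from the WMAP tutorial (same db_connect string as above) and the hypothetical file name recon_lab.rc, loaded with resource recon_lab.rc:

```text
# recon_lab.rc - added example, not Metasploit's basic_discovery.rc
# Assumes the database from the WMAP tutorial is already running.
db_connect backbox:password@127.0.0.1:5432/metasploit3
# separate workspace so these results do not mix with other runs
workspace -a recon_lab
# keep a copy of everything printed, for later comparison
spool /tmp/recon_lab.log
# lab range from the post; THREADS is the standard scanner option
setg RHOSTS 192.168.1.1/24
setg THREADS 10
# which hosts answer on the services the banner modules below look at
use auxiliary/scanner/portscan/tcp
set PORTS 21,22,80
run
# banner/version modules from the list above; results land in the db
use auxiliary/scanner/http/http_version
run
use auxiliary/scanner/ftp/ftp_version
run
use auxiliary/scanner/ssh/ssh_version
run
# what the database now knows about the range
hosts
services
spool off
```

Comparing the hosts and services tables against the list of systems you expect on that range is the quickest way to spot a forgotten or unknown service.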

There are so many modules that I've skipped a few, because I couldn't keep cutting and pasting :D

Just use search and Metasploit can turn into a big scanner like Nessus and OpenVAS.

Have fun :D

Related posts:

  1. [tutorial]Tool for Information Gathering
  2. [Metasploit]How-To Auxiliary Scanner
  3. Tutorial Metasploit WMAP 1.0 :)
  4. Metasploit 3.4 and Metasploitable
  5. [PDF]Download Metasploit Unleashed

This entry was posted on Sunday, February 12th, 2012 at 1:19 pm and is filed under GNU/Linux, Hacking, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.