# Metasploit scanners

### TCP port scanner

```
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.180.108.3
set verbose false
set ports 1-1000
exploit
```

<figure><img src="/files/O5Zz7iV6NnTSrt5hM1lw" alt=""><figcaption></figcaption></figure>

### Upload an Nmap binary and use it to scan the target

Check the static binaries available on the attacking machine; in this lab the statically linked nmap binary is kept under "/root/static-binaries/", and `file` confirms it is a static executable that will run on the target without shared libraries.

**Command:**

```
ls -al /root/static-binaries/nmap
file /root/static-binaries/nmap
```

<figure><img src="https://assets.ine.com/lab/learningpath/febcb41de329b1e7454fdb6d1cf4d9413c00d4f9f90ced1d7f5f5015e278e200.png" alt=""><figcaption></figcaption></figure>

**Step 1:** Background the Metasploit session and create a bash port scanning script.

Press CTRL+z to background the Metasploit session.

Using the script at <https://catonmat.net/tcp-port-scanner-in-bash> as a reference, create a bash script that scans the first 1000 ports.

**Script:**

```
#!/bin/bash
# Usage: ./bash-port-scanner.sh <target-ip>
# Attempts a TCP connection to each of the first 1000 ports through bash's
# /dev/tcp pseudo-device; a connection that completes within one second
# means the port is open.
for port in {1..1000}; do
  timeout 1 bash -c "echo >/dev/tcp/$1/$port" 2>/dev/null && echo "port $port is open"
done
```

Save the script as bash-port-scanner.sh

<figure><img src="https://assets.ine.com/lab/learningpath/a03d047c3ae7d17e3fa9fcbee0d73d58d9cff0477f5c5713bf1fe294dce0e57e.png" alt=""><figcaption></figcaption></figure>

**Step 2:** Foreground the Metasploit session and switch to the meterpreter session.

Type "fg" and press Enter to foreground the Metasploit session.

**Command:**

```
sessions -i 1
```

<figure><img src="https://assets.ine.com/lab/learningpath/8c9f59c24e771b90b19ccdc1d80af743da90106f6b726d804d162ab80e347648.png" alt=""><figcaption></figcaption></figure>

**Step 3:** Upload the nmap static binary and the bash port scanner script to the target machine.

**Command:**

```
upload /root/static-binaries/nmap /tmp/nmap
upload /root/bash-port-scanner.sh /tmp/bash-port-scanner.sh
```

<figure><img src="https://assets.ine.com/lab/learningpath/c8faf7f1d158102bda7fad6f0c69e0786c2b1802dcdb4019648255ff32df3c88.png" alt=""><figcaption></figcaption></figure>

**Step 4:** Make the binary and script executable and use the bash script to scan the second target machine.

**Command:**

```
shell
cd /tmp/
chmod +x ./nmap ./bash-port-scanner.sh
./bash-port-scanner.sh 192.180.108.3
```

<figure><img src="https://assets.ine.com/lab/learningpath/84762f9c9a39a0b12cf856a78b2415c5d4427ddea7774f17748850bf475d3551.png" alt=""><figcaption></figcaption></figure>

Three ports are open on the target machine: 21, 22 and 80.

**Step 5:** Using the nmap binary, scan the target machine for open ports.

**Command:**

```
./nmap -p- 192.180.108.3
```

<figure><img src="https://assets.ine.com/lab/learningpath/920fb88f8b96c31ecbba0c054c1ee27593570e7d2540f6b47199b5bc3150226c.png" alt=""><figcaption></figcaption></figure>

The services running on the target machine are FTP, SSH and HTTP.
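The script from Step 1 does the job, but it scans a fixed range and treats a missing or malformed argument as a host with no open ports. The following is an added example, not part of the original page, of a slightly hardened version of the same /dev/tcp technique: it validates the port-range arguments, scans an arbitrary range, passes host and port to the probe as positional parameters rather than splicing them into a command string, and prints an open-port count on stderr so the stdout list stays parseable. The function names (`port_open`, `valid_port`, `scan_ports`) and the script name in the usage line are my own choices. It relies on `timeout` from coreutils and on bash providing `/dev/tcp`.

```shell
#!/bin/bash
# Added example: a hardened variant of bash-port-scanner.sh from Step 1.
# Usage: ./scan.sh <host> <first-port> <last-port>
# Prints "port N is open" for each port that accepts a TCP connection.

# Return 0 if a TCP connection to host:port completes within one second.
# /dev/tcp is a bash feature, so the probe always runs under bash; host and
# port are passed as $0 and $1 of the child rather than expanded into the
# command string, so unusual characters in the arguments are never parsed as code.
port_open() {
  timeout 1 bash -c ': >"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Return 0 if the argument is an integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Scan host from first to last port inclusive. Prints each open port on
# stdout, a summary count on stderr, and returns 0; returns 2 on bad arguments.
scan_ports() {
  host=$1; first=$2; last=$3
  if ! valid_port "$first" || ! valid_port "$last" || [ "$first" -gt "$last" ]; then
    echo "usage: scan_ports <host> <first-port> <last-port>" >&2
    return 2
  fi
  count=0
  port=$first
  while [ "$port" -le "$last" ]; do
    if port_open "$host" "$port"; then
      echo "port $port is open"
      count=$((count + 1))
    fi
    port=$((port + 1))
  done
  echo "$count open port(s) on $host in range $first-$last" >&2
  return 0
}

# Only scan when arguments were given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
  scan_ports "$@"
fi
```

Uploaded and run in place of the original script as `./scan.sh 192.180.108.3 1 1000`, it produces the same `port N is open` lines seen in Step 4. Because this is a full TCP connect scan, every probe completes a handshake (or receives a RST) on the target, which is why a burst of short-lived connections from one source to sequential ports stands out clearly in host firewall logs or flow records on the defending side.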

