Table of Contents

In this article, we will discuss combining Nmap and Metasploit together to perform port scanning and enumerate for vulnerabilities.

There certain cases where we can’t just go and run noisy scans with Nmap on our target due to various reasons among which you doing a black box test for your client and there is a firewall or IDS in place that would thwart or alert sysadmins about your Nmap scans.

So combining two of the most effective tools used in the arena of penetration testing becomes more sensible and plausible for us.

Let’s assume that we have a client machine assigned to us to perform port scanning and report vulnerabilities.

Get OSCP Certificate Notes

Scanning For open ports on the client machine with Metasploit

We start with launching Metasploit and using the port scanner module

msf 5> use auxiliary/scanner/portscan/tcp

Scanning For open ports on the client machine with Metasploit

Next we set the options for this module with ‘show options’

We set the RHOSTS with the IP/IP(s) of our client machine(s) and if we want to customize the scan for specific ports we can do that by changing PORTS

msf 5 >set PORTS 22,25,80,110,21

After running the scan, we will have an output displaying the open ports on the target client machine we specified earlier.

Combining Nmap with Metasploit for a more detailed and in-depth scan on the client machine

Once we get a clear vision on the open ports, we can start enumerating them to see and find the running services alongside their version.

msf 5> db_nmap -sV -p 80,22,110,25 192.168.94.134

and this is what we got

Scanning for vulnerabilities with Nmap and Metasploit

Once we are able to find the open ports and the corresponding services running on them, we can carry on our scan to look for detailed version numbers on every service running on each port so we can then try different auxiliary modules on Metasploit to find possible exploits.

msf 5> db_nmap -sV -A -p 80,22,110,25 192.168.94.134

and we would get the following

Our next step would be to use Searchsploit to find exploits for the services’ versions we have discovered or we can use the auxiliary modules built-in Metasploit.

and here is a complete video walkthrough

Metasploit, OSCP

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Using Metasploit and Nmap to enumerate and scan for vulnerabilities

Scanning For open ports on the client machine with Metasploit

Combining Nmap with Metasploit for a more detailed and in-depth scan on the client machine

Scanning for vulnerabilities with Nmap and Metasploit

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

Using Metasploit and Nmap to enumerate and scan for vulnerabilities

Scanning For open ports on the client machine with Metasploit

Combining Nmap with Metasploit for a more detailed and in-depth scan on the client machine

Scanning for vulnerabilities with Nmap and Metasploit

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

Blue Team SOC Real World Case Studies | Complete Walkthrough | TryHackMe Boogeyman 1,2,3

Auditing Explained in IT & Information Security

Real World Phishing Email Analysis | TryHackMe Snapped Phishing Line