1
00:00:00,800 --> 00:00:01,940
So, as you may know.

2
00:00:02,860 --> 00:00:11,350
Nmap is a great tool for scanning and enumeration, and thankfully, it integrates into MSF with

3
00:00:11,350 --> 00:00:13,850
the command db_nmap.

4
00:00:14,560 --> 00:00:20,460
Now if you connect MSF to a database, you can store the scan results for later use as well.

5
00:00:21,560 --> 00:00:31,520
By using Nmap, you can practically detect hosts and services on your target network, and Nmap has various

6
00:00:31,520 --> 00:00:33,140
features and scanning techniques.

7
00:00:34,220 --> 00:00:44,060
I'm not going to cover all of them here, but here I will make a SYN scan, TCP scan and service detection

8
00:00:44,060 --> 00:00:45,230
on the target host.

9
00:00:45,980 --> 00:00:55,040
And then after this, you can either use Nmap from msfconsole or use the db_nmap command with

10
00:00:55,040 --> 00:00:57,590
almost all the options Nmap provides.

11
00:00:58,340 --> 00:01:04,790
But whenever you run the db_nmap command, the scan results will be stored in the database automatically.

12
00:01:05,510 --> 00:01:12,890
However, you may also wish to import the scan results into another application, so you may want to

13
00:01:12,890 --> 00:01:15,560
export the scan results into an XML file.

14
00:01:16,280 --> 00:01:23,180
So let's open your terminal and start msfconsole, and to take advantage of the db_nmap

15
00:01:23,180 --> 00:01:31,580
command, at this point you must be connected to a database, and then the usage is quite similar to

16
00:01:31,640 --> 00:01:34,520
Nmap actually. Nmap,

17
00:01:34,550 --> 00:01:37,100
I don't want to discount it; it is a wonderful tool.

18
00:01:37,760 --> 00:01:41,900
Integrating it with MSF closes a huge gap while using netas.

19
00:01:42,740 --> 00:01:49,070
So let's just simply use db_nmap as the command with the Nmap options as the parameters.
20
00:01:49,880 --> 00:01:56,930
So Nmap, as I said before, has a variety of options and different scan types to be able to enumerate

21
00:01:57,050 --> 00:01:57,640
the target.

22
00:01:58,400 --> 00:02:04,000
And one of them is the SYN scan, the -sS parameter.

23
00:02:04,810 --> 00:02:13,940
This does a stealthy TCP SYN scan over the network and looks for TCP-based open ports, but it doesn't complete

24
00:02:14,060 --> 00:02:15,410
the three-way handshake.

25
00:02:16,990 --> 00:02:26,440
Nmap TCP scan, the -sT parameter: this runs a TCP connection over the network and looks for TCP-

26
00:02:26,440 --> 00:02:28,420
based open ports as well.

27
00:02:28,780 --> 00:02:32,320
This, however, completes the three-way handshake.

28
00:02:33,230 --> 00:02:40,220
And then the last one is service detection; it tries to detect the services on the target by sending

29
00:02:40,220 --> 00:02:41,870
some network probes.

30
00:02:42,740 --> 00:02:50,900
Nmap is really smart. Now, before scanning all the hosts in a network it first identifies if the host

31
00:02:50,900 --> 00:02:51,460
is alive.

32
00:02:51,710 --> 00:02:59,780
So the -Pn option means you don't have to use the ICMP ping to determine if the host is alive, and

33
00:02:59,780 --> 00:03:03,360
the -p parameter specifies the port numbers.

34
00:03:03,770 --> 00:03:06,710
In this case, I want all the ports to be scanned.

35
00:03:10,100 --> 00:03:18,980
And we have the scan results for Metasploitable 2 and 3; see, Nmap did a good job and now everything

36
00:03:18,980 --> 00:03:20,540
is saved in the database.

37
00:03:20,900 --> 00:03:28,340
And now you can manage your hosts by using the hosts command, and also you can view services by using

38
00:03:28,340 --> 00:03:29,330
the services command.

39
00:03:30,260 --> 00:03:34,950
Excellent. With the syntax of the services command, you can actually go deeper.

40
00:03:35,480 --> 00:03:38,120
So let's have a look at the help screen for this command.
41
00:03:38,840 --> 00:03:48,710
You can perform specific searches and listings: enter the -c parameter and then enter name and port

42
00:03:49,310 --> 00:03:51,110
to get this information.

43
00:03:52,890 --> 00:03:56,310
And you can search with the -S parameter.

44
00:03:58,330 --> 00:04:05,770
And now this is the hosts command help screen, so like the services command, the -c parameter will

45
00:04:05,800 --> 00:04:07,780
help you make special lists.

46
00:04:09,730 --> 00:04:14,830
Nope, it's wrong here, so I'm going to delete this empty character.

47
00:04:15,190 --> 00:04:16,310
OK, so now it's OK.

48
00:04:16,990 --> 00:04:18,760
So I want to show you one more command.

49
00:04:19,540 --> 00:04:21,760
It is the vulns command.

50
00:04:22,800 --> 00:04:30,960
So it helps you to list the vulnerabilities of the hosts; however, you don't have any imported vulnerability

51
00:04:30,960 --> 00:04:32,890
scan results.

52
00:04:33,660 --> 00:04:40,260
So in addition to running Nmap or other third-party scanners, there are several port scanners that

53
00:04:40,260 --> 00:04:42,680
are available in MSF for you as well.

54
00:04:43,290 --> 00:04:46,500
They come in as auxiliary modules.

55
00:04:47,760 --> 00:04:52,960
Now, besides using the db_nmap command, you can try one of these as well.

56
00:04:53,640 --> 00:04:54,680
So let's have a look at one of them.

57
00:04:55,770 --> 00:04:57,900
Let's list them with the search command.

58
00:05:02,040 --> 00:05:08,460
And here are the port scan modules listed, so now I'm going to pick the SYN port scanner.

59
00:05:09,670 --> 00:05:10,900
To view its information,

60
00:05:11,810 --> 00:05:16,220
I get a short description and some variables, not much more.

61
00:05:17,540 --> 00:05:20,330
Now I want to show you the options.

62
00:05:21,730 --> 00:05:29,770
So I'm going to set RHOSTS to the Metasploitable 2 and 3 IP addresses, but let me say a couple

63
00:05:29,770 --> 00:05:30,610
of things at this point.
64
00:05:31,390 --> 00:05:38,980
You might remember I mentioned earlier that these variables define your targets' IP addresses.

65
00:05:39,010 --> 00:05:47,440
So it's a pretty good example of the ease of use of MSF, because these types of variables take IP ranges,

66
00:05:47,440 --> 00:05:55,300
CIDR ranges, multiple ranges separated by commas, or line-separated host list files. Then run the

67
00:05:55,300 --> 00:05:55,670
module.

68
00:05:55,990 --> 00:06:02,830
So if I don't change the default value for the PORTS variable, the module is going to scan port numbers

69
00:06:02,830 --> 00:06:05,200
between 1 and 10000.

70
00:06:05,350 --> 00:06:06,470
It may take a few minutes.

71
00:06:07,030 --> 00:06:11,290
Now we've got the results, and as you see here, the module did a really good job for us.

72
00:06:11,950 --> 00:06:17,230
So using these modules can come in really handy. You didn't know that, did you?