[ale] Metasploit vs Shodan

George Allen glallen01 at gmail.com
Wed Dec 12 23:52:42 EST 2018


Nmap - and look up NSE scripts if you want more specific tests against
certain services. OpenVAS (built into Kali) is the open-source fork of
Nessus.
You can have Nmap look at the exposed ports, use OpenVAS for both network
and local (authenticated) scans for software versions and patches as well
as CVEs. You'll get even more detailed info. There's even a Zenmap gui if
you like.

Metasploit does have scanning modules, and most are protocol specific,
although once you have either nmap or openvas scans, you can import them
into metasploit.

Also things to look at are:
https://github.com/robertdavidgraham/masscan

And in an AD environment:
https://github.com/BloodHoundAD/BloodHound
https://github.com/lgandx/Responder
https://github.com/byt3bl33d3r/CrackMapExec

Obviously, don't use these on anything you don't both own and/or have
permission to test them on.

On Mon, Dec 3, 2018 at 7:30 PM Arie vW via Ale <ale at ale.org> wrote:

> What exactly are you looking for? nmap is the go-to port scanner (in my
> experience).
> Metasploit is more of an exploitation tool although it does have some
> auxiliary scanning modules too.
> I may not have fully understood your question, but I do know the majority
> of tools can be downloaded on any distro so there is no need to jump to
> Kali unless you want the whole shebang. Kali does have an ARM image
> nowadays I believe, but like I said, depending on what exactly you're
> looking for, probably a lot of unnecessary stuff.
> Also, check out nessus, I haven't played with it too much (I think there's
> a free version) but it kinda lays it out like shodan from what I remember.
>
> Arie
>
>
> On Mon, Dec 3, 2018, 5:35 PM Chris Fowler via Ale <ale at ale.org> wrote:
>
>> Recently I've been playing with Shodan and I really like it.  I would
>> really like to see info like it provides, but for systems in private
>> address space.  I could proxyarp a private machine I'm testing to a public
>> address, but I need a commercial API key to trigger the shodan mothership
>> to scan it.
>>
>> Does Metasploit provide the same info?  I can load Kali Linux on a Pi
>> Zero W and have it scan the local subnet.
>>
>> Chris
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
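An added example (not from anyone in this thread) of the workflow George describes: run Nmap with version detection against your own subnet, write XML with -oX, and turn that into the per-host port/service/banner view Chris wanted from Shodan for private address space. The XML below is a constructed sample in nmap's -oX layout, not real scan output.

```python
# Added example: summarise an "nmap -sV -oX scan.xml <subnet>" result into a
# Shodan-style host/port/service/banner listing. SAMPLE_XML is constructed.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
 <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
  <hostnames><hostname name="fileserver.lan"/></hostnames>
  <ports>
   <port protocol="tcp" portid="445"><state state="open"/>
    <service name="microsoft-ds" product="Samba smbd" version="4.7.1"/></port>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.4"/></port>
   <port protocol="tcp" portid="8080"><state state="filtered"/></port>
  </ports></host>
 <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Map each up host's IPv4 to its hostname and (port, proto, service, product, version) open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status, addr = host.find("status"), host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # skip down hosts and entries with no IPv4 address
        hn = host.find("hostnames/hostname")
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service banner
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            ports.append((int(port.get("portid")), port.get("protocol"),
                          svc.get("name", ""), svc.get("product", ""),
                          svc.get("version", "")))
        hosts[addr.get("addr")] = {"hostname": hn.get("name") if hn is not None else None,
                                   "ports": sorted(ports)}
    return hosts

def format_report(hosts):
    """One line per open port: '<ip> <hostname> <port>/<proto> <service> <banner>'."""
    lines = []
    for ip, info in sorted(hosts.items()):
        for port, proto, name, product, version in info["ports"]:
            banner = " ".join(x for x in (product, version) if x)
            lines.append(f"{ip} {info['hostname'] or '-'} {port}/{proto} {name} {banner}".rstrip())
    return lines
```

The same scan.xml is what you would hand to msfconsole's db_import, per George's note about feeding Nmap results into Metasploit.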