<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Nmap - and look up NSE scripts if you want more specific tests against certain services. OpenVas (built into Kali) is the open-source fork of Nessus.<div>You can have Nmap look at the exposed ports, use OpenVAS for both network and local (authenticated) scans for software versions and patches as well as CVEs. You'll get even more detailed info. There's even a Zenmap gui if you like.<br></div><div><br></div><div>Metasploit does have scanning modules, and most are protocol specific, although once you have either nmap or openvas scans, you can import them into metasploit. </div><div><br></div><div>Also things to look at are:</div><div><a href="https://github.com/robertdavidgraham/masscan" target="_blank">https://github.com/robertdavidgraham/masscan</a><br><br></div><div>And in an AD environment:</div><div><a href="https://github.com/BloodHoundAD/BloodHound" target="_blank">https://github.com/BloodHoundAD/BloodHound</a></div><div><a href="https://github.com/lgandx/Responder" target="_blank">https://github.com/lgandx/Responder</a><br></div><div><a href="https://github.com/byt3bl33d3r/CrackMapExec" target="_blank">https://github.com/byt3bl33d3r/CrackMapExec</a><br></div><div><br></div><div>Obviously, don't use these on anything you don't both own and/or have permission to test them on.</div><div><br></div></div></div></div></div></div><div class="gmail_quote"><div dir="ltr">On Mon, Dec 3, 2018 at 7:30 PM Arie vW via Ale <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div>What exactly are you looking for? nmap is the go-to port scanner (in my experience).<div dir="auto">Metasploit is more of a exploitation tool although it does have some auxiliary scanning modules too.</div><div dir="auto">I may not have fully understood your question, but I do know the majority of tools can be downloaded on any distro so there is no need to jump to Kali unless you want the whole shebang. Kali does have an ARM image nowadays I believe, but like I said, depending on what exactly you're looking for, probably a lot of unnecessary stuff. </div><div dir="auto">Also, check out nessus, I haven't played with it too much (I think there's a free version) but it kinda lays it out like shodan from what I remember. </div><div dir="auto"><br></div><div dir="auto">Arie</div><br><br><div class="gmail_quote"><div dir="ltr">On Mon, Dec 3, 2018, 5:35 PM Chris Fowler via Ale <<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Recently I've been playing with Shodan and I really like it. I would really like to see info like it provides, but for systems in private address space. I could proxyarp a private machine I'm testing to a public address, but I need a commercial API key to trigger the shodan mothership to scan it. <br></div><div><br></div><div>Does Metasploit provide the same info? I can load Kali Linux on a Pi Zero W and have it scan the local subnet. <br></div><div><br></div><div>Chris<br></div></div></div>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" rel="noreferrer" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div></div></div>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div></div>