1
00:00:00,820 --> 00:00:01,960
So, as you may know,

2
00:00:02,880 --> 00:00:11,370
Nmap is a great tool for scanning and enumeration, and thankfully, it integrates into MSF with

3
00:00:11,370 --> 00:00:13,920
the command db_nmap.

4
00:00:14,610 --> 00:00:20,480
Now if you connect MSF to a database, you can store the scan results for later use as well.

5
00:00:21,580 --> 00:00:31,540
By using Nmap, you can practically detect hosts and services on your target network, and Nmap has various

6
00:00:31,540 --> 00:00:33,160
features and scanning techniques.

7
00:00:34,250 --> 00:00:44,110
I'm not going to cover all of them here, but here I will make a SYN scan, a TCP scan and service detection

8
00:00:44,110 --> 00:00:45,250
on the target host.

9
00:00:46,000 --> 00:00:55,060
And then after this, you can either use Nmap from the MSF console or use the db_nmap command with

10
00:00:55,060 --> 00:00:57,610
almost all the options Nmap provides.

11
00:00:58,360 --> 00:01:04,890
But whenever you run the db_nmap command, the scan results will be stored in the database automatically.

12
00:01:05,530 --> 00:01:12,910
However, you may also wish to import the scan results into another application, so you may want to

13
00:01:12,910 --> 00:01:15,590
export the scan results into an XML file.

14
00:01:16,270 --> 00:01:23,200
So let's open your terminal and start the MSF console. To take advantage of the db_nmap

15
00:01:23,200 --> 00:01:31,990
command, at this point you must be connected to a database, and then the usage is quite similar to Nmap.

16
00:01:32,980 --> 00:01:34,530
Actually, Nmap,

17
00:01:34,570 --> 00:01:35,830
I don't want to discount it.

18
00:01:35,830 --> 00:01:37,120
It is a wonderful tool.

19
00:01:37,780 --> 00:01:42,210
Integrating it with MSF closes a huge gap while using Metasploit.

20
00:01:42,760 --> 00:01:49,090
So let's just simply use db_nmap as the command with the Nmap parameters.

21
00:01:49,930 --> 00:01:56,950
So Nmap, as I said before, has a variety of options and different scan types to be able to enumerate

22
00:01:57,070 --> 00:01:57,660
the target.

23
00:01:58,420 --> 00:02:08,860
And one of them is the SYN scan. The -sS parameter runs just a stealthy TCP SYN scan over the network

24
00:02:09,310 --> 00:02:15,460
and looks for TCP based open ports, but it doesn't complete the three way handshake.

25
00:02:17,010 --> 00:02:26,460
And next, the TCP scan, the -sT parameter: this runs a TCP connection over the network and looks for TCP

26
00:02:26,460 --> 00:02:28,440
based open ports as well.

27
00:02:28,800 --> 00:02:32,340
This, however, completes the three way handshake.

28
00:02:33,250 --> 00:02:40,240
And then the last one is service detection. It tries to detect the services on the target by sending

29
00:02:40,240 --> 00:02:44,310
some network probes, and Nmap is really smart.

30
00:02:44,890 --> 00:02:51,480
Before scanning all the hosts in a network, it first identifies if the host is alive.

31
00:02:51,730 --> 00:02:59,050
So the -Pn option means you don't have to use the ICMP ping command to determine if the host is alive,

32
00:02:59,470 --> 00:03:03,400
and the -p parameter specifies the port numbers.

33
00:03:03,790 --> 00:03:06,730
In this case, I want all the ports to be scanned.

34
00:03:10,060 --> 00:03:19,000
And we have the scan results for Metasploitable 2 and 3. See, Nmap did a good job, and now everything

35
00:03:19,000 --> 00:03:20,590
is saved in the database.

36
00:03:20,920 --> 00:03:28,390
And now you can manage your hosts by using the hosts command, and also you can view services by using

37
00:03:28,390 --> 00:03:29,350
the services command.

38
00:03:30,290 --> 00:03:34,970
Excellent. With the services command, you can actually go deeper.

39
00:03:35,510 --> 00:03:38,150
So let's have a look at the help screen for this command.

40
00:03:38,870 --> 00:03:48,710
You can perform specific searches and listings: enter the -c parameter and then enter name and port

41
00:03:49,340 --> 00:03:51,140
to get this information.

42
00:03:52,940 --> 00:03:56,330
And you can search with the -S parameter.

43
00:03:58,360 --> 00:04:01,060
And now this is the hosts command help screen.

44
00:04:01,900 --> 00:04:07,810
So like the services command, the -c parameter will help you make specific lists.

45
00:04:09,760 --> 00:04:14,860
Nope, it's wrong here, so I'm going to delete this empty character.

46
00:04:15,220 --> 00:04:16,340
OK, so now it's OK.

47
00:04:17,020 --> 00:04:18,790
So I want to show you one more command.

48
00:04:19,540 --> 00:04:21,790
It is the vulns command.

49
00:04:22,820 --> 00:04:31,010
So it helps you to list the vulnerabilities of the hosts; however, you haven't imported any vulnerability

50
00:04:31,010 --> 00:04:32,930
scan results.

51
00:04:33,680 --> 00:04:40,280
So in addition to running Nmap or other third party scanners, there are several port scanners that

52
00:04:40,280 --> 00:04:42,700
are available in MSF for you as well.

53
00:04:43,310 --> 00:04:46,520
They come in as auxiliary modules.

54
00:04:47,780 --> 00:04:52,980
Now, besides using the db_nmap command, you can try one of these as well.

55
00:04:53,660 --> 00:04:54,710
So let's have a look at one of them.

56
00:04:55,780 --> 00:04:57,910
Let's list them with the search command.

57
00:05:02,050 --> 00:05:08,470
And here are the port scan modules listed, so now I'm going to pick the SYN port scanner.

58
00:05:09,670 --> 00:05:16,240
Then view its information: I get a short description and some variables, not much more.

59
00:05:17,590 --> 00:05:20,350
Now I want to show you the options.

60
00:05:21,770 --> 00:05:29,780
So I'm going to set RHOSTS to the Metasploitable 2 and 3 IP addresses, but let me say a couple

61
00:05:29,780 --> 00:05:30,650
of things at this point.

62
00:05:31,430 --> 00:05:38,970
You might remember I mentioned earlier that these variables define your target IP addresses.

63
00:05:39,020 --> 00:05:47,450
So it's a pretty good example of the ease of use of MSF, because these types of variables take IP ranges,

64
00:05:47,450 --> 00:05:55,310
CIDR ranges, multiple ranges separated by commas, or line-separated host list files. Then run the

65
00:05:55,310 --> 00:05:55,710
module.

66
00:05:56,000 --> 00:06:02,870
So if I don't change the default value for the PORTS variable, the module is going to scan port numbers

67
00:06:02,870 --> 00:06:05,230
between one and ten thousand.

68
00:06:05,360 --> 00:06:06,530
It may take a few minutes.

69
00:06:07,070 --> 00:06:11,330
Now we've got the result, and as you see here, the module did a really good job for us.

70
00:06:11,990 --> 00:06:17,270
So using these modules can come in really handy. You didn't know that, did you?

