Metasploit, NMAP

Idle Scanning with Nmap and Metasploit

Idle scanning is a blind port-scan technique. We can scan a target without sending it a single packet from our own IP address: instead we spoof the IP address of another host on the network (the idle "zombie") and read the scan results off that host's behaviour. Idle scanning lets us stay stealthy and also lets us discover IP-based trust relationships between machines.

To perform this type of scan we first need to locate a host that is idle on the network. Metasploit ships the module scanner/ip/ipidseq, which scans a range of hosts for one that is suitable. Let's run it to discover an idle host on the net. Type:

use auxiliary/scanner/ip/ipidseq

hit enter


hit enter

set THREADS 50

hit enter


hit enter
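The ipidseq check works by sampling the IP ID field of a host's replies and classifying how the counter changes between packets; a host whose counter increments by one per packet (and that is otherwise quiet) is what the zombie role needs. The following is an added example, not code from the original post or from Metasploit, showing that classification in Python so a defender can run it over IP ID samples collected from their own hosts and find the ones that should be hardened (for example by enabling randomized IP IDs). The class names, the step thresholds and the sample sequences are this example's own assumptions, not Nmap's exact implementation.

```python
"""Classify an IP ID sequence sampled from a host's replies.

Idea: send several probes to a host, record the IP ID of each reply and look at
how the value changes. A counter that steps by one per packet leaks how many
packets the host has sent, which is exactly what idle scanning relies on. The
class names and thresholds here are this example's own approximation of the
ipidseq check, not Nmap's or Metasploit's exact code.
"""

IPID_MODULUS = 1 << 16  # the IP ID field is 16 bits wide


def ipid_diffs(ids):
    """Return successive differences, taking 16-bit wraparound into account."""
    return [(b - a) % IPID_MODULUS for a, b in zip(ids, ids[1:])]


def classify_ipid_sequence(ids, max_small_step=5, max_positive_step=20000):
    """Label an IP ID sample with an approximate ipidseq-style class.

    max_small_step and max_positive_step are assumed thresholds chosen for
    this example.
    """
    if len(ids) < 3:
        return "Unknown"
    if all(i == 0 for i in ids):
        return "All zeros"
    if len(set(ids)) == 1:
        return "Constant"
    diffs = ipid_diffs(ids)
    if all(1 <= d <= max_small_step for d in diffs):
        return "Incremental"
    # Some stacks put the counter on the wire byte-swapped: +1 shows up as +256.
    if all(d % 256 == 0 and 1 <= d // 256 <= max_small_step for d in diffs):
        return "Broken little-endian incremental"
    if all(1 <= d <= max_positive_step for d in diffs):
        return "Random positive increments"
    return "Randomized"


def is_zombie_candidate(ids):
    """True when the counter is predictable enough to serve as an idle-scan zombie.

    A host in one of these classes should be treated as a hardening target.
    """
    return classify_ipid_sequence(ids) in (
        "Incremental",
        "Broken little-endian incremental",
    )


# Constructed sample sequences for demonstration (not captured from real hosts).
SAMPLES = {
    "quiet_printer": [4101, 4102, 4103, 4104, 4105, 4106],
    "byteswapped": [256, 512, 768, 1024, 1280, 1536],
    "wraparound": [65534, 65535, 0, 1, 2, 3],
    "busy_server": [100, 1300, 2800, 4200, 6000, 7100],
    "randomized": [9123, 55231, 271, 39904, 12345, 60001],
    "all_zeros": [0, 0, 0, 0, 0, 0],
}

if __name__ == "__main__":
    for name, seq in SAMPLES.items():
        cls = classify_ipid_sequence(seq)
        print(f"{name:14s} {cls:34s} zombie_candidate={is_zombie_candidate(seq)}")
```

Note the "busy_server" sample: its counter is incrementing, but the large jumps between probes mean the host is sending plenty of other traffic, so it is not idle and would not give a clean reading. That is why the scanner looks for hosts that are both incremental and quiet, and why hosts classified as Incremental in your own inventory are worth fixing even if they look harmless.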

To scan the target host, for example using the zombie PC at , we use the following, where -PN skips host discovery and -sI names the zombie:

nmap -PN -sI

This post is part of my article about Metasploit, which was originally published in the August issue of PenTest Magazine.