Host Discovery with Metasploit

Host discovery is the process of identifying live hosts on a network. A host is considered alive if it responds to ping or has a particular port open.

ARP Scanning
ARP (Address Resolution Protocol) is a protocol for resolving network layer addresses into link layer addresses. ARP is designed so that it can be used with any link layer and network layer protocols. ARP is not routable and can only be used between systems on the same Ethernet network. We can use the scanner module arp_sweep to discover and fingerprint IP hosts on the local network. To use it, type:

use auxiliary/scanner/discovery/arp_sweep

Select the whole local network to scan, for example set RHOSTS 192.168.1.0/24, and run the module.

UDP Probe
The User Datagram Protocol (UDP) lets a host send messages (datagrams) to other hosts on an Internet Protocol (IP) network. There is no guarantee of delivery, ordering or duplicate protection. UDP is suitable for purposes where error checking and correction are either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level. UDP is one of the best-known network protocols and is widely used. Let's see how we can probe well-known UDP ports to discover live hosts on the network. Metasploit offers the module udp_probe, which discovers live hosts by scanning an IP or a range of IPs for open UDP ports. To select it, type:

use auxiliary/scanner/discovery/udp_probe

Set the RHOSTS option and run the module to get a list of live hosts.
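To show what a UDP probe sweep does under the hood, here is an added Python example (my own code, not Metasploit's udp_probe module): it sends two constructed probes, a DNS query and an NTP client request, to every host in a range and reports any host that answers. It goes one step beyond the text: a connected UDP socket also surfaces an ICMP port-unreachable as ECONNREFUSED, which proves the host is up even though the port is closed, whereas a firewall that silently drops the probe looks identical to a dead host.

```python
import ipaddress
import socket
import struct

# Constructed probe payloads (assumption: a DNS server answers any query,
# an NTP server answers a mode-3 client request).
def dns_probe(txid=0x1234, name="localhost"):
    """Minimal DNS A query; a reply carrying the same txid proves a live host."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def ntp_probe():
    """NTP v3 client request: LI=0, VN=3, Mode=3, remaining 47 bytes zero."""
    return b"\x1b" + b"\x00" * 47

PROBES = {53: dns_probe(), 123: ntp_probe()}

def reply_matches(port, probe, data):
    """Accept only replies that answer our probe, not stray datagrams."""
    if port == 53:   # same transaction id and QR bit set
        return len(data) >= 12 and data[:2] == probe[:2] and bool(data[2] & 0x80)
    if port == 123:  # NTP mode 4 = server reply
        return len(data) >= 48 and (data[0] & 0x07) == 4
    return False

def probe_host(ip, timeout=1.0):
    """Return (ip, evidence) if the host proved it is up, else None on silence."""
    for port, payload in PROBES.items():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(timeout)
        try:
            s.connect((ip, port))   # connected socket so ICMP errors reach recv()
            s.send(payload)
            data = s.recv(512)
            if reply_matches(port, payload, data):
                return ip, "udp/%d answered" % port
        except ConnectionRefusedError:   # ICMP port unreachable: host is up
            return ip, "udp/%d closed, host is up" % port
        except socket.timeout:           # dropped or dead: no evidence either way
            pass
        finally:
            s.close()
    return None

def udp_sweep(cidr, timeout=1.0):
    """Probe every host in a CIDR range, e.g. udp_sweep('192.168.1.0/24')."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [r for r in (probe_host(str(h), timeout) for h in net.hosts()) if r]
```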

This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.
