The module we will be using for this demonstration is ftp_version.rb from scanners in the auxiliary section.

Let us select the module using the use command and check what different options are required by the module for it to work:

We can see we have a number of modules to work with. However, for now, let us use the ftp_version module, as shown in the following screenshot:

To scan the entire network, let's set RHOSTS to 192.168.10.0/24 (0-255) and also increase the number of threads for a speedy operation:

Let's run the module and analyze the output:

We can see we have scanned the entire network and found two hosts running FTP services, which are...

Let us now jump into Metasploit-specific modules for testing the MSSQL server and see what kind of information we can gain by using them.

The very first auxiliary module that we will be using is mssql_ping. This module will gather service information related to the MSSQL server.

So, let us load the module and start the scanning process as follows:

We can clearly see that mssql_ping has generated an excellent output of the fingerprinted MSSQL service.

Metasploit also offers...

Let us perform a TCP port scan of a different network as shown in the following screenshot:

We will be using the tcp scan module listed under auxiliary/scanner/portscan, as shown in the preceding screenshot. Let's run the module and analyze the results as follows:

We can see that we found two services only that don't look that appealing. Let us also perform a UDP sweep of the network and check if we can find something interesting:

To carry out a UDP sweep, we will use the auxiliary/scanner/discovery/udp_sweep module as shown in the preceding screenshot. Next, we only need to provide the network range by setting the RHOSTS option. Additionally, you can increase the number of threads as well. Let's run the module and analyze results:

Amazing! We can see plenty of results generated by the UDP sweep module. Additionally, a...

Netbios services also provide vital information about the target and help us uncover the target architecture, operating system version, and many other things. To scan a network for NetBIOS services, we can use the nbname module from auxiliary/scanner/netbios, as shown in the following screenshot:

As we did previously, we set the RHOSTS to the entire network by providing the CIDR identifier. Let's run the module and analyze the results as follows:

We can see that we have almost every system running the NetBIOS service on the network listed in the preceding screenshot. This information provides us with useful evidence for the operating system type, name, domain, and related IP addresses of the systems.

Metasploit allows us to perform fingerprinting of various HTTP services. Additionally, Metasploit contains a large number of exploit modules targeting different kinds of web servers. Hence, scanning HTTP services not only allows for fingerprinting the web servers, but it builds a base of web server vulnerabilities that Metasploit can attack later. Let us use the http_version module and run it against the network as follows:

Let's execute the module after setting up all the necessary options such as RHOSTS and Threads as follows:

The http_version module from Metasploit has successfully fingerprinted various web server software and applications in the network. We will exploit some of these services in Chapter 3, Exploitation and Gaining Access. We saw how we could fingerprint HTTP services, so let's try figuring out if we can scan...