|
| 1 | +# Description |
| 2 | + |
| 3 | +This module is used to determine if the ports on target machine are closed. It sends probes containing the FIN, PSH and URG flags. Scan is faster and stealthier compared to some other scans. Following action are performed depending on the state of ports - |
| 4 | + |
| 5 | +#### OPEN|FILTERED Port: |
| 6 | +Detects open|filtered port via no response to the segment |
| 7 | + |
| 8 | +#### Closed Port: |
| 9 | +Detects a closed port via a RST received in response to the FIN |
| 10 | + |
| 11 | +# Required Permissions |
| 12 | + |
| 13 | + XMAS scan requires the use of raw sockets, and thus cannot be performed from some Windows |
| 14 | + systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges. |
| 15 | + |
| 16 | +# Options |
| 17 | + |
| 18 | + **PORTS** |
| 19 | + |
| 20 | + This is the list of TCP ports to test on each host. |
| 21 | + Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default |
| 22 | + options is to scan `1-10000` ports. |
| 23 | + |
| 24 | + **Timeout** |
| 25 | + |
| 26 | + This options states the reply read timeout in milliseconds. Default value if `500`. |
| 27 | + |
| 28 | + **RHOSTS** |
| 29 | + |
| 30 | + The target address range is defined in this option. |
| 31 | + |
| 32 | + **VERBOSE** |
| 33 | + |
| 34 | + Gives detailed message about the scan of all the ports. It also shows the |
| 35 | + ports that were not open/filtered. |
| 36 | + |
| 37 | +# Verification Steps |
| 38 | + |
| 39 | + 1. Do: `use auxiliary/scanner/portscan/xmas` |
| 40 | + 2. Do: `set RHOSTS [IP]` |
| 41 | + 3. Do: `set PORTS [PORTS]` |
| 42 | + 4. Do: `run` |
| 43 | + 5. The open/filtered ports will be discovered, status will be printed indicating as such. |
| 44 | + |
| 45 | +# Scenarios |
| 46 | + |
| 47 | +### Metaspliotable 2 |
| 48 | + |
| 49 | +``` |
| 50 | +msf > use auxiliary/scanner/portscan/xmas |
| 51 | +msf auxiliary(xmas) > set rhosts 192.168.45.159 |
| 52 | +rhosts => 192.168.45.159 |
| 53 | +msf auxiliary(xmas) > set ports 1-100 |
| 54 | +ports => 1-100 |
| 55 | +msf auxiliary(xmas) > run |
| 56 | +
|
| 57 | +[*] TCP OPEN|FILTERED 192.168.45.159:1 |
| 58 | +[*] TCP OPEN|FILTERED 192.168.45.159:3 |
| 59 | +[*] TCP OPEN|FILTERED 192.168.45.159:5 |
| 60 | +[*] TCP OPEN|FILTERED 192.168.45.159:8 |
| 61 | +[*] TCP OPEN|FILTERED 192.168.45.159:12 |
| 62 | +[*] TCP OPEN|FILTERED 192.168.45.159:14 |
| 63 | +[*] TCP OPEN|FILTERED 192.168.45.159:16 |
| 64 | +[*] TCP OPEN|FILTERED 192.168.45.159:19 |
| 65 | +[*] TCP OPEN|FILTERED 192.168.45.159:21 |
| 66 | +[*] TCP OPEN|FILTERED 192.168.45.159:37 |
| 67 | +[*] TCP OPEN|FILTERED 192.168.45.159:39 |
| 68 | +[*] TCP OPEN|FILTERED 192.168.45.159:41 |
| 69 | +[*] TCP OPEN|FILTERED 192.168.45.159:43 |
| 70 | +[*] TCP OPEN|FILTERED 192.168.45.159:49 |
| 71 | +[*] TCP OPEN|FILTERED 192.168.45.159:52 |
| 72 | +[*] TCP OPEN|FILTERED 192.168.45.159:53 |
| 73 | +[*] TCP OPEN|FILTERED 192.168.45.159:55 |
| 74 | +[*] TCP OPEN|FILTERED 192.168.45.159:57 |
| 75 | +[*] TCP OPEN|FILTERED 192.168.45.159:59 |
| 76 | +[*] TCP OPEN|FILTERED 192.168.45.159:61 |
| 77 | +[*] TCP OPEN|FILTERED 192.168.45.159:63 |
| 78 | +[*] TCP OPEN|FILTERED 192.168.45.159:65 |
| 79 | +[*] TCP OPEN|FILTERED 192.168.45.159:67 |
| 80 | +[*] TCP OPEN|FILTERED 192.168.45.159:69 |
| 81 | +[*] TCP OPEN|FILTERED 192.168.45.159:73 |
| 82 | +[*] TCP OPEN|FILTERED 192.168.45.159:89 |
| 83 | +[*] TCP OPEN|FILTERED 192.168.45.159:91 |
| 84 | +[*] TCP OPEN|FILTERED 192.168.45.159:93 |
| 85 | +[*] TCP OPEN|FILTERED 192.168.45.159:95 |
| 86 | +[*] TCP OPEN|FILTERED 192.168.45.159:97 |
| 87 | +[*] TCP OPEN|FILTERED 192.168.45.159:99 |
| 88 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 89 | +[*] Auxiliary module execution completed |
| 90 | +
|
| 91 | +``` |
0 commit comments