|
| 1 | +#Description |
| 2 | + |
| 3 | +This module is used to determine if the ports on target machine are closed. In this scan sends probes containing the FIN, PSH and URG flags. |
| 4 | + |
| 5 | +This scan is faster and stealthier compared to some other scans.Following action are performed depending on the state of ports - |
| 6 | + |
| 7 | +####Open Port: |
| 8 | +Detects an open port via no response to the segment |
| 9 | + |
| 10 | +####Closed Port: |
| 11 | +Detects that a closed via a RST received in response to the FIN |
| 12 | + |
| 13 | +####Filtered Port: |
| 14 | +Cannot distinguish between a filtered port and an open port |
| 15 | + |
| 16 | +####Unfiltered Port: |
| 17 | +Cannot distinguish between an unfiltered port and a non-stateful filtered port |
| 18 | + |
| 19 | +#Vulnerable Application |
| 20 | + |
| 21 | + XMAS scan requires the use of raw sockets, and thus cannot be performed from some Windows |
| 22 | + systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges. |
| 23 | + |
| 24 | +# Options |
| 25 | + |
| 26 | + **PORTS** |
| 27 | + |
| 28 | + This is the list of TCP ports to test on each host. |
| 29 | + Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default |
| 30 | + options is to scan `1-10000` ports. |
| 31 | + |
| 32 | + **Timeout** |
| 33 | + |
| 34 | + This options states the reply read timeout in milliseconds. Default value if `500`. |
| 35 | + |
| 36 | + **RHOSTS** |
| 37 | + |
| 38 | + The target address range is defined in this option. |
| 39 | + |
| 40 | + **VERBOSE** |
| 41 | + |
| 42 | + Gives detailed message about the scan of all the ports. It also shows the |
| 43 | + ports that were not open/filtered. |
| 44 | + |
| 45 | +# Verification Steps |
| 46 | + |
| 47 | + 1. Do: `use auxiliary/scanner/portscan/xmas` |
| 48 | + 2. Do: `set RHOSTS [IP]` |
| 49 | + 3. Do: `set PORTS [PORTS]` |
| 50 | + 4. Do: `run` |
| 51 | + 5. The open/filtered ports will be discovered, status will be printed indicating as such. |
| 52 | + |
| 53 | +# Scenarios |
| 54 | + |
| 55 | +### Metaspliotable 2 |
| 56 | + |
| 57 | +``` |
| 58 | +msf > use auxiliary/scanner/portscan/xmas |
| 59 | +msf auxiliary(xmas) > set rhosts 192.168.45.159 |
| 60 | +rhosts => 192.168.45.159 |
| 61 | +msf auxiliary(xmas) > set ports 1-100 |
| 62 | +ports => 1-100 |
| 63 | +msf auxiliary(xmas) > run |
| 64 | +
|
| 65 | +[*] TCP OPEN|FILTERED 192.168.45.159:1 |
| 66 | +[*] TCP OPEN|FILTERED 192.168.45.159:3 |
| 67 | +[*] TCP OPEN|FILTERED 192.168.45.159:5 |
| 68 | +[*] TCP OPEN|FILTERED 192.168.45.159:8 |
| 69 | +[*] TCP OPEN|FILTERED 192.168.45.159:12 |
| 70 | +[*] TCP OPEN|FILTERED 192.168.45.159:14 |
| 71 | +[*] TCP OPEN|FILTERED 192.168.45.159:16 |
| 72 | +[*] TCP OPEN|FILTERED 192.168.45.159:19 |
| 73 | +[*] TCP OPEN|FILTERED 192.168.45.159:21 |
| 74 | +[*] TCP OPEN|FILTERED 192.168.45.159:37 |
| 75 | +[*] TCP OPEN|FILTERED 192.168.45.159:39 |
| 76 | +[*] TCP OPEN|FILTERED 192.168.45.159:41 |
| 77 | +[*] TCP OPEN|FILTERED 192.168.45.159:43 |
| 78 | +[*] TCP OPEN|FILTERED 192.168.45.159:49 |
| 79 | +[*] TCP OPEN|FILTERED 192.168.45.159:52 |
| 80 | +[*] TCP OPEN|FILTERED 192.168.45.159:53 |
| 81 | +[*] TCP OPEN|FILTERED 192.168.45.159:55 |
| 82 | +[*] TCP OPEN|FILTERED 192.168.45.159:57 |
| 83 | +[*] TCP OPEN|FILTERED 192.168.45.159:59 |
| 84 | +[*] TCP OPEN|FILTERED 192.168.45.159:61 |
| 85 | +[*] TCP OPEN|FILTERED 192.168.45.159:63 |
| 86 | +[*] TCP OPEN|FILTERED 192.168.45.159:65 |
| 87 | +[*] TCP OPEN|FILTERED 192.168.45.159:67 |
| 88 | +[*] TCP OPEN|FILTERED 192.168.45.159:69 |
| 89 | +[*] TCP OPEN|FILTERED 192.168.45.159:73 |
| 90 | +[*] TCP OPEN|FILTERED 192.168.45.159:89 |
| 91 | +[*] TCP OPEN|FILTERED 192.168.45.159:91 |
| 92 | +[*] TCP OPEN|FILTERED 192.168.45.159:93 |
| 93 | +[*] TCP OPEN|FILTERED 192.168.45.159:95 |
| 94 | +[*] TCP OPEN|FILTERED 192.168.45.159:97 |
| 95 | +[*] TCP OPEN|FILTERED 192.168.45.159:99 |
| 96 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 97 | +[*] Auxiliary module execution completed |
| 98 | +
|
| 99 | +``` |
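Review bot: The port-state entries under Description (new lines 7 to 17) contradict each other: "Open Port" says an open port is detected via no response, while "Filtered Port" says open and filtered cannot be told apart, and the scenario output only ever reports `TCP OPEN|FILTERED`. Suggest folding these into a single open|filtered entry that says no reply means either state. On line 11, "Detects that a closed via a RST received in response to the FIN" is missing the word "port" and names only FIN, although line 3 says the probe carries FIN, PSH and URG. Line 3 itself ("In this scan sends probes") needs a subject. Smaller points: "Default value if `500`" on line 34 should read "is"; "Metaspliotable 2" on line 55 is misspelled; `#Description`, `#Vulnerable Application` and the `####` headings lack the space after the hashes that `# Options` has; line 5 is missing a space after "scans." and should read "actions"; and **Timeout** is cased differently from **PORTS**, **RHOSTS** and **VERBOSE**, so it should match the option name as the module defines it.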