Discussion:
[ale] Metasploit vs Shodan
Chris Fowler via Ale
2018-12-03 22:35:18 UTC
Permalink
Recently I've been playing with Shodan and I really like it. I would really like to see info like it provides, but for systems in private address space. I could proxyarp a private machine I'm testing to a public address, but I need a commercial API key to trigger the shodan mothership to scan it.

Does Metasploit provide the same info? I can load Kali Linux on a Pi Zero W and have it scan the local subnet.

Chris
Arie vW via Ale
2018-12-04 00:30:09 UTC
Permalink
What exactly are you looking for? nmap is the go-to port scanner (in my
experience).
Metasploit is more of a exploitation tool although it does have some
auxiliary scanning modules too.
I may not have fully understood your question, but I do know the majority
of tools can be downloaded on any distro so there is no need to jump to
Kali unless you want the whole shebang. Kali does have an ARM image
nowadays I believe, but like I said, depending on what exactly you're
looking for, probably a lot of unnecessary stuff.
Also, check out nessus, I haven't played with it too much (I think there's
a free version) but it kinda lays it out like shodan from what I remember.

Arie
Recently I've been playing with Shodan and I really like it. I would
really like to see info like it provides, but for systems in private
address space. I could proxyarp a private machine I'm testing to a public
address, but I need a commercial API key to trigger the shodan mothership
to scan it.
Does Metasploit provide the same info? I can load Kali Linux on a Pi Zero
W and have it scan the local subnet.
Chris
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
dev null zero two via Ale
2018-12-04 00:35:34 UTC
Permalink
shodan is just an internet port scanner and banner grabber with a fancy
searching interface.
Post by Arie vW via Ale
What exactly are you looking for? nmap is the go-to port scanner (in my
experience).
Metasploit is more of a exploitation tool although it does have some
auxiliary scanning modules too.
I may not have fully understood your question, but I do know the majority
of tools can be downloaded on any distro so there is no need to jump to
Kali unless you want the whole shebang. Kali does have an ARM image
nowadays I believe, but like I said, depending on what exactly you're
looking for, probably a lot of unnecessary stuff.
Also, check out nessus, I haven't played with it too much (I think there's
a free version) but it kinda lays it out like shodan from what I remember.
Arie
Recently I've been playing with Shodan and I really like it. I would
really like to see info like it provides, but for systems in private
address space. I could proxyarp a private machine I'm testing to a public
address, but I need a commercial API key to trigger the shodan mothership
to scan it.
Does Metasploit provide the same info? I can load Kali Linux on a Pi
Zero W and have it scan the local subnet.
Chris
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
_______________________________________________
Ale mailing list
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
--
Sent from my mobile. Please excuse the brevity, spelling, and punctuation.
Joey Kelly via Ale
2018-12-04 21:43:31 UTC
Permalink
Post by Chris Fowler via Ale
Recently I've been playing with Shodan and I really like it. I would really
like to see info like it provides, but for systems in private address
space. I could proxyarp a private machine I'm testing to a public address,
but I need a commercial API key to trigger the shodan mothership to scan
it.
Do you really want your private holes to be publicly searchable?
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550


_______________________________________________
Ale mailing list
***@ale.org
https://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
Jim Kinney via Ale
2018-12-05 01:26:34 UTC
Permalink
On Monday, December 3, 2018 5:35:18 PM EST Chris Fowler via Ale
wrote:Recently I've been playing with Shodan and I really like it. I
would reallylike to see info like it provides, but for systems in
private addressspace. I could proxyarp a private machine I'm testing
to a public address,but I need a commercial API key to trigger the
shodan mothership to scanit.
Do you really want your private holes to be publicly searchable?
Wow. I will never that image out of my mind.
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
Loading...