Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
BNAT Scanner
This module is a scanner which can detect Broken NAT (network address translation) implementations, which could result in a inability to reach ports on remote machines. Typically, these ports will appear in nmap scans as 'filtered'/'closed'.
Rank
- Normal
Authors
- bannedit < bannedit [at] metasploit.com >
- Jonathan Claudius < jclaudius [at] trustwave.com >
References
- https://github.com/claudijd/BNAT-Suite
- http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken...
Development
Similar Modules
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/bnat/bnat_scan
msf auxiliary(bnat_scan) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(bnat_scan) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/bnat/bnat_scan
msf auxiliary(bnat_scan) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(bnat_scan) > run
Module Options
| INTERFACE | The name of the interface (default: eth0) |
| PORTS | Ports to scan (e.g. 22-25,80,110-900) (default: 21,22,23,80,443) |
| RHOSTS | The target address range or CIDR identifier |
| THREADS | The number of concurrent threads (default: 1) |
| TIMEOUT | The reply read timeout in milliseconds (default: 500) |
| GATEWAY | The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set. |
| NETMASK | The local network mask. This is used to decide if an address is in the local network. |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| UDP_SECRET | The 32-bit cookie for UDP probe requests. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |