Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
Rogue Gateway Detection: Sender
This module send a series of TCP SYN and ICMP ECHO requests to each internal target host, spoofing the source address of an external system running the rogue_recv module. This allows the system running the rogue_recv module to determine what external IP a given internal system is using as its default route.
Rank
- Normal
Authors
- hdm < hdm [at] metasploit.com >
References
Development
Similar Modules
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/rogue/rogue_send
msf auxiliary(rogue_send) > set EHOST [ADDRESS]
msf auxiliary(rogue_send) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(rogue_send) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/rogue/rogue_send
msf auxiliary(rogue_send) > set EHOST [ADDRESS]
msf auxiliary(rogue_send) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(rogue_send) > run
Module Options
| CPORT | The source port for the TCP SYN packet (default: 13832) |
| ECHOID | The unique ICMP ECHO ID to embed into the packet (default: 7893) |
| EHOST | The IP address of the machine running rogue_recv |
| INTERFACE | The name of the interface |
| RHOSTS | The target address range or CIDR identifier |
| RPORT | The destination port for the TCP SYN packet (default: 80) |
| SNAPLEN | The number of bytes to capture (default: 65535) |
| THREADS | The number of concurrent threads (default: 1) |
| TIMEOUT | The number of seconds to wait for new data (default: 500) |
| GATEWAY | The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set. |
| NETMASK | The local network mask. This is used to decide if an address is in the local network. |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| UDP_SECRET | The 32-bit cookie for UDP probe requests. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |