modules discovery

Lucas Fernandez edited this page Nov 3, 2019 · 1 revision

This category contains all the modules involved in the discovery of services and/or devices. You can use a port scanner, search for Bluetooth devices, or use the SSDP or MDNS protocols, among others. To load a module from this category, use load discovery/module.

Required Total modules
-- 12

The modules are listed below with their description and options to configure.

arpscan

The module performs an ARP scan to detect active hosts on a network.

Option Required Description
iface True Network interface
rhost True Hosts to check (Examples: 192.168.56.1 or 192.168.56.0/16)
timeout False Timeout to wait for search responses. (In seconds)
verbose False Show extra information while running module

ble

With this module you can discover nearby devices with BLE (Bluetooth Low Energy) active. The result will be sorted by RSSI.

Option Required Description
rssi False dB signal to filter (min value, example -60)
timeout True Timeout to wait for search responses. (In seconds)

bluetooth

Launch this module to discover nearby devices with Bluetooth active.

Option Required Description
timeout True Timeout to wait for search responses. (In seconds)

mdns

With this module certain services can be discovered via MDNS (Multicast DNS).

Option Required Description
service True Service type string to search for. (_service._protocol)

mdns-avahi

This module uses avahi to discover certain services via MDNS (Multicast DNS).

Option Required Description
service True Service type string to search for. (_service._protocol). Set --all to search all services

nmap-portscan

This module uses nmap to perform a port scan. It's possible to perform the following scans:

  • S: SYN
  • T: Connect
  • A: ACK
  • W: Window
  • M: Maimon
  • N: Null
  • F: FIN
  • X: Xmas

Option Required Description
rhost True Hosts to check (Examples: 192.168.56.1 or 192.168.56.0/16)
rports True Remote ports (Example: 100-500)
scan False nmap scan. Check nmap scans to configure (Examples: SYN = S; Connect = T)
timeout True Timeout to wait for search responses. (In seconds)

nmap-osdetection

This module uses nmap to try to guess the operating system behind an IP.

Option Required Description
rhost True Remote host IP
timeout False Timeout to wait for search responses. (In seconds)

ssdp

Using this module you will be able to discover active devices through the SSDP protocol.

Option Required Description
service True Service type string to search for (default: ssdp:all)
timeout False Timeout to wait for search responses. (In seconds)

synscan

Launch this module to perform a TCP SYN scan to detect open ports on a system. rport and rports are optional, but at least one of them must be configured.

Option Required Description
rhost True Remote host IP
rport False Remote port (Example: 80)
rports False Remote ports (Example: 100-500)
timeout False Timeout to wait for search responses. (In seconds)
verbose False Show extra information while running module

ttl-osdetection

This module checks the TTL to try to find out the operating system. The discovery/nmap-osdetection module is more complete.

Option Required Description
rhost True Remote host IP
timeout False Timeout to wait for search responses. (In seconds)

xiaomi-devices-active

This module uses socket requests to discover Xiaomi devices on a network (Active Discovery). You can configure rhost for a specific search or leave it as None to do a full search.

Option Required Description
rhost False Remote host IP (None to broadcast)
timeout False Timeout to wait for search responses. (In seconds)

xiaomi-devices-passive

The module discovers Xiaomi devices through MDNS. The service type is set to _miio._udp.local.

Option Required Description
timeout False Timeout to wait for search responses. (In seconds)