Metasploit Penetration Testing Cookbook(Third Edition)

How to do it...

In Chapter 1, Metasploit Quick Tips for Security Professionals, we already covered the basic usage of db_nmap, so now we will take a look at some of its more advanced features. In the following example, you will learn how to use some of those features:

msf > db_nmap -Pn -sTV -T4 --open --min-parallelism 64 --version-all 192.168.216.10 -p -
[*] Nmap: Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-20 06:33 EDT
[*] Nmap: Nmap scan report for 192.168.216.10
[*] Nmap: Host is up (0.00044s latency).
[*] Nmap: Not shown: 54809 closed ports, 10678 filtered ports
[*] Nmap: Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
...

[*] Nmap: 50560/tcp open unknown
[*] Nmap: 50561/tcp open unknown
[*] Nmap: Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; Device: remote management; CPE: cpe:/o:microsoft:windows
[*] Nmap: Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 522.38 seconds
msf >

We use db_nmap with the -Pn option to treat all hosts as online and skip host discovery, -sTV to perform a TCP connect scan (-sT) combined with a version scan (-sV) of the open ports discovered, and -T4 to set a more aggressive timing template so the scan runs faster. The --open option shows only open ports, --min-parallelism specifies the minimum number of parallel processes at any one time, and --version-all tries every single probe in order to identify a more specific version of the service running on each open port. To run the scan, we set the IP address of the target host and use -p - to specify that we want to scan all 65535 ports.
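Because db_nmap prefixes every Nmap line with `[*] Nmap: ` before it reaches the console, it helps to be able to turn that output back into structured host records, for example to diff scan results over time. The parser below is an added example and is not code from the book or from Metasploit; it uses the lines shown above plus one constructed port line (3389/tcp with a version string) to show how the optional version column is handled.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the db_nmap lines from this recipe, plus one made-up
# 3389/tcp line that carries a version string (an assumption, not book output).
SAMPLE_OUTPUT = """\
[*] Nmap: Nmap scan report for 192.168.216.10
[*] Nmap: Host is up (0.00044s latency).
[*] Nmap: Not shown: 54809 closed ports, 10678 filtered ports
[*] Nmap: 50560/tcp open unknown
[*] Nmap: 50561/tcp open unknown
[*] Nmap: 3389/tcp open ms-wbt-server Microsoft Terminal Services
[*] Nmap: Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; Device: remote management; CPE: cpe:/o:microsoft:windows
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 522.38 seconds
"""

PREFIX = "[*] Nmap: "                       # added by msfconsole, not by Nmap itself
HOST_RE = re.compile(r"^Nmap scan report for (\S+)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
INFO_RE = re.compile(r"^Service Info: (.*)$")

@dataclass
class HostReport:
    address: str
    ports: list = field(default_factory=list)       # (port, proto, state, service, version)
    service_info: dict = field(default_factory=dict)

def parse_db_nmap(text):
    """Parse db_nmap console output into one HostReport per scanned host."""
    reports, current = [], None
    for raw in text.splitlines():
        if not raw.startswith(PREFIX):
            continue                                # skip non-Nmap console lines
        line = raw[len(PREFIX):].strip()
        if m := HOST_RE.match(line):                # a new host section starts here
            current = HostReport(m.group(1))
            reports.append(current)
        elif current is None:
            continue                                # lines before any host report
        elif m := PORT_RE.match(line):
            port, proto, state, service, version = m.groups()
            current.ports.append((int(port), proto, state, service, version or ""))
        elif m := INFO_RE.match(line):              # "Key: value; Key: value" pairs
            for item in m.group(1).split(";"):
                key, _, value = item.partition(":")
                current.service_info[key.strip()] = value.strip()
    return reports

def open_ports(report):
    """Sorted list of port numbers reported as open for one host."""
    return sorted(p for p, _, state, _, _ in report.ports if state == "open")
```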