Use search portscan to display built-in Metasploit port scanners. Note that msfconsole needs to be run as root for many scans to work — just like Nmap. That said, in my experience the fancier TCP scans (for example, SYN) don’t work over a VPN… So maybe best to stick with Nmap.
Targeted scanners can be more useful, however:
- The
auxiliary/scanner/discovery/udp_sweepmodule will probe for common UDP services. - The
auxiliary/scanner/http/http_versionmodule will give you HTTP server version information. - The
auxiliary/scanner/smb/smb_loginmodule will allow you to conduct brute-force and password spraying attacks against Samba logins.
Metasploit has a variety of Samba/CIFS scanners too (use search scanner/smb to list them), as well as modules for basic enumeration such as smtp_version/smtp_enum (for SMTP) and mysql_sql (for MySQL, though this seems to just be a thin wrapper around the MySQL command line client).