Vulnerability scanning and Metasploit

A vulnerability scanner is an automated computer program designed to assess computers,
computer systems, networks or applications and look for weaknesses. The program probes a
system by sending data to it and analyzing the responses received. To identify any
vulnerabilities on the target system, a vulnerability scanner uses its vulnerability database as
reference. Don’t forget that vulnerability scanners generate a lot of network traffic and are not
suitable if one of your objectives is to remain undetected.

WMAP – web vulnerability Scanner
WMAP is a web application vulnerability scanner integrated with Metasploit. First, load the wmap
plugin by issuing the command:

load wmap

To perform your web scan follow these steps:

  • Add a new target URL,
    wmap_sites -a http://192.168.1.5
  • add the site as a target,
    wmap_targets -t http://192.168.1.5
  • list the modules that will be used to scan the remote system,
    wmap_run -t
  • scan the target system,
    wmap_run -e
  • to see whether wmap found anything interesting, execute
    hosts -c address,svcs,vulns
  • if wmap found any vulnerabilities, issue the command
    vulns

    to get more details

NeXpose vulnerability Scanner
To use a NeXpose vulnerability scan report, import the NeXpose XML file into the MSF
database: enter import followed by the report filename, for ex.

import /root/my_nexpose_scan.xml

To verify that the scanned hosts and vulnerability data were
imported properly, enter

hosts -c address,svcs,vulns

to check if everything was imported. Enter

vulns

to view details for the discovered vulnerabilities.

NeXpose plugin
There is a NeXpose plugin for Metasploit that lets you run NeXpose from msfconsole. To perform a
vulnerability scan with NeXpose you have to:

  • Load NeXpose plugin,
    load nexpose
  • if you need help enter
    help
  • connect to your NeXpose server
    nexpose_connect username:pass@127.0.0.1[:port]
  • launch a new scan with nexpose_scan followed by the target IP address, for ex.
    nexpose_scan 192.168.1.5
  • enter
    hosts -c address,svcs,vulns

    to view the results,

  • execute
    vulns

    to view details for the discovered vulnerabilities.

Nessus vulnerability Scanner
To import a Nessus vulnerability scan report, first download it by selecting your report in
Nessus and hitting Download; choose the .nessus format. To import the Nessus results file,
enter import followed by the report filename, for ex.

import /root/nessus_report_ftp_target.nessus

To verify that the scanned hosts and vulnerability data
were imported properly, enter

hosts -c address,svcs,vulns

to check that your targeted IP addresses,
the number of services detected, and the number of vulnerabilities found by Nessus are in the
list. As we did with wmap, enter

vulns

to view details for the discovered vulnerabilities.
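As an added example (not code from the original post), here is a small Python script that reads a .nessus (Nessus v2) export and counts the services and vulnerabilities per host, the same figures that hosts -c address,svcs,vulns lists after the import. The XML it parses is a constructed sample, and the counting rules (distinct port/protocol pairs, severity above 0) are my assumptions, not a description of how Metasploit's importer counts.

```python
# Added example, not from the original post: parse a Nessus v2 (.nessus) export and
# compute per-host service and vulnerability counts, the same figures that msfconsole's
# "hosts -c address,svcs,vulns" lists after "import". Handy for sanity-checking a report
# before importing it. The XML is a constructed sample, not a real scan.
import xml.etree.ElementTree as ET

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="ftp_target">
    <ReportHost name="192.168.1.5">
      <HostProperties><tag name="host-ip">192.168.1.5</tag></HostProperties>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="0" pluginID="10092"/>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="3" pluginID="100001"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="22964"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="19506"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

def summarize_nessus(xml_text):
    """Return {ip: {"svcs": n, "vulns": n}} for every ReportHost in a .nessus file.

    Assumed rules: a service is a distinct (port, protocol) pair, excluding port 0
    (host-level findings); a vuln is any ReportItem whose severity is above 0 (info).
    """
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a Nessus v2 export, root element is %r" % root.tag)
    summary = {}
    for host in root.iter("ReportHost"):
        # Prefer the host-ip property; fall back to the ReportHost name attribute.
        tag = host.find("HostProperties/tag[@name='host-ip']")
        ip = tag.text if tag is not None else host.get("name")
        services, vulns = set(), 0
        for item in host.findall("ReportItem"):
            port = int(item.get("port", "0"))
            if port > 0:
                services.add((port, item.get("protocol", "tcp")))
            if int(item.get("severity", "0")) > 0:
                vulns += 1
        summary[ip] = {"svcs": len(services), "vulns": vulns}
    return summary

if __name__ == "__main__":
    for ip, counts in summarize_nessus(SAMPLE_NESSUS).items():
        print(ip, counts["svcs"], counts["vulns"])  # 192.168.1.5 2 1
```

If the counts disagree with what hosts shows after import, the report was probably truncated or is not in .nessus v2 format.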

Nessus plugin
There is also a Nessus plugin for Metasploit that lets you control Nessus from within the Metasploit
Framework. To perform a Nessus vulnerability scan from within Metasploit, follow these steps:

  • Load Nessus plugin,
    load nessus
  • if you need help enter
    nessus_help
  • authenticate to your Nessus server
    nessus_connect username:pass@127.0.0.1:8834
  • list available scan policies by issuing,
    nessus_policy_list
  • launch a new scan with nessus_scan_new followed by the policy number, a name for your scan, and your target IP address, for ex.
    nessus_scan_new 1 scan_target 192.168.1.5
  • to see scan status while it’s running enter
    nessus_scan_status
  • to list the available scan reports after the scan has completed, execute
    nessus_report_list

    command, identify the ID of the report you want to import and enter

    nessus_report_get

    to download the report and import it into the Metasploit database automatically, for ex.

    nessus_report_get 1d890f6b-be0d-1e8f-ea6f-fca1ea1402ef9563fbf028305b22

This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.
