Vulnerability scanning Using Metasploit and WMAP
Vulnerability scanning
A vulnerability scanner is an automated program that assesses computers, systems, networks or
applications for known weaknesses. It probes a target by sending data to it and analysing the
responses it gets back, and it identifies vulnerabilities by matching what it observes against its
vulnerability database. Keep in mind that vulnerability scanners generate a lot of network traffic
and are not suitable if one of your objectives is to remain undetected.
WMAP – web vulnerability Scanner
WMAP is a web vulnerability scanner integrated with Metasploit. First, load the wmap plugin in
msfconsole:
load wmap
To perform a web scan, follow these steps.
Add the site URL:
wmap_sites -a http://192.168.1.5
Add the site as a target:
wmap_targets -t http://192.168.1.5
List the modules that will be used to scan the target:
wmap_run -t
Scan the target system:
wmap_run -e
To see whether wmap found anything interesting, execute:
hosts -c address,svcs,vulns
If wmap found any vulnerabilities, issue:
vulns
to get more details.
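The introduction notes that vulnerability scanners are noisy and not suited to staying undetected. The following added example (not code from the original page) shows what that noise looks like from the defender's side: a heuristic that reads web server access logs and flags clients that, within a short window, request many distinct paths and get mostly 4xx answers, which is the footprint a web scan like the WMAP run above leaves. The log format regex, the thresholds and the sample log lines are all constructed assumptions.

```ruby
# Added example (not from the original page): flag likely vulnerability-scanner
# activity in web server access logs. A scanner sends many requests to many
# distinct paths in a short time, and most come back 4xx because the probed
# files do not exist; a human browsing the site does not look like that.
# All thresholds and the log lines below are constructed assumptions.
require 'time'

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+/

Hit = Struct.new(:ip, :time, :path, :status)

# Parse one access-log line; returns nil for lines that do not match.
def parse_log_line(line)
  m = LOG_RE.match(line)
  return nil unless m
  Hit.new(m[:ip], Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'), m[:path], m[:status].to_i)
end

# Return { ip => stats } for every client that, inside some window of
# `window` seconds, made at least `min_requests` requests to at least
# `min_paths` distinct paths with at least `min_4xx_ratio` of them answered 4xx.
def flag_scanners(lines, window: 60, min_requests: 20, min_paths: 15, min_4xx_ratio: 0.5)
  hits = lines.map { |l| parse_log_line(l) }.compact
  flagged = {}
  hits.group_by(&:ip).each do |ip, ip_hits|
    ip_hits = ip_hits.sort_by(&:time)
    ip_hits.each_index do |i|
      start = ip_hits[i].time
      win = ip_hits[i..-1].take_while { |h| h.time - start <= window }
      next if win.size < min_requests
      paths = win.map(&:path).uniq.size
      ratio = win.count { |h| h.status.between?(400, 499) }.fdiv(win.size)
      next unless paths >= min_paths && ratio >= min_4xx_ratio
      flagged[ip] = { requests: win.size, distinct_paths: paths, ratio_4xx: ratio.round(2) }
      break # one finding per client is enough
    end
  end
  flagged
end

# Constructed sample log: 30 probes from 10.0.0.9 within 30 seconds (every
# fourth one hits a real page) plus a few ordinary page views from 10.0.0.5.
SCANNER_LINES = (0...30).map { |i|
  status = (i % 4).zero? ? 200 : 404
  "10.0.0.9 - - [01/Jan/2024:10:00:#{format('%02d', i)} +0000] \"GET /probe#{i}.php HTTP/1.1\" #{status} 123"
}
NORMAL_LINES = [
  '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
  '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 800',
  '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /contact.html HTTP/1.1" 200 640',
  'not a log line at all'
]
SAMPLE_LOG = SCANNER_LINES + NORMAL_LINES

if __FILE__ == $PROGRAM_NAME
  flag_scanners(SAMPLE_LOG).each do |ip, stats|
    puts "#{ip}: #{stats[:requests]} requests, #{stats[:distinct_paths]} paths, #{(stats[:ratio_4xx] * 100).round}% 4xx"
  end
end
```

On the sample data only 10.0.0.9 is flagged (30 requests, 30 distinct paths, about 73% 4xx). The sliding window matters: a slow scan spread over hours stays under the per-window request count, so in practice you would tune `window` and the thresholds to your own traffic baseline rather than keep these constructed values.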
NeXpose vulnerability Scanner
To import a NeXpose vulnerability scan report, import the NeXpose XML file into the MSF
database: enter import followed by the report filename, for example
import /root/my_nexpose_scan.xml
To verify that the scanned hosts and vulnerability data were imported properly, enter
hosts -c address,svcs,vulns
to check that everything was imported, then enter
vulns
to view details for the discovered vulnerabilities.
NeXpose plugin
There is a NeXpose plugin for Metasploit that lets you run NeXpose from msfconsole. To perform a
vulnerability scan with NeXpose this way, follow these steps.
Load the NeXpose plugin:
load nexpose
If you need help, enter:
help
Connect to your NeXpose server:
nexpose_connect username:pass@127.0.0.1[:port]
Launch a new scan with nexpose_scan followed by the target IP address, for example:
nexpose_scan 192.168.1.5
Enter:
hosts -c address,svcs,vulns
to view the results, and execute:
vulns
to view details for the discovered vulnerabilities.
Nessus vulnerability Scanner
To import a Nessus vulnerability scan report you first have to download it: select your report
and hit download, choosing the .nessus format. To import the Nessus results file, enter import
followed by the report filename, for example
import /root/nessus_report_ftp_target.nessus
To verify that the scanned hosts and vulnerability data were imported properly, enter
hosts -c address,svcs,vulns
and check that your targeted IP addresses, the number of services detected, and the number of
vulnerabilities found by Nessus are in the list. As with wmap, enter
vulns
to view details for the discovered vulnerabilities.
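The verification step above relies on eyeballing the hosts table. The following added example (not code from the original page or from Metasploit) reads a .nessus export directly and produces the same address / service count / vulnerability count per host, so you have an independent figure to compare against what msfconsole shows after the import. It counts severity-0 ReportItems as informational rather than as vulnerabilities; that is this example's rule, and the importer's own rules decide what becomes a vuln record, so treat a small difference as expected and a missing host as the thing to investigate. The XML is constructed sample data with made-up plugin IDs, and the NeXpose XML format in the section above is not covered.

```ruby
# Added example (not from the original page or from Metasploit): summarise a
# .nessus (NessusClientData_v2) export so its host, service and vulnerability
# counts can be compared with the `hosts -c address,svcs,vulns` output after
# an import. Severity-0 ReportItems are counted as informational, not as
# vulnerabilities. The XML below is constructed sample data, made-up plugin IDs.
require 'rexml/document'

HostSummary = Struct.new(:address, :services, :vulns, :info)

# Walk every ReportHost and collect its open services and findings.
def summarize_nessus(xml)
  doc = REXML::Document.new(xml)
  doc.elements.to_a('//ReportHost').map do |host|
    ip_tag = host.elements["HostProperties/tag[@name='host-ip']"]
    address = ip_tag ? ip_tag.text : host.attributes['name']
    services = []
    vulns = []
    info = 0
    host.elements.each('ReportItem') do |item|
      port = item.attributes['port'].to_i
      # port 0 items are host-level notes, not services
      services << [item.attributes['protocol'], port] if port > 0
      severity = item.attributes['severity'].to_i
      if severity > 0
        vulns << { plugin: item.attributes['pluginID'],
                   name: item.attributes['pluginName'],
                   severity: severity }
      else
        info += 1
      end
    end
    HostSummary.new(address, services.uniq.sort, vulns, info)
  end
end

# One line per host in the same shape as `hosts -c address,svcs,vulns`.
def hosts_table(summaries)
  summaries.map { |h| "#{h.address}  svcs=#{h.services.size}  vulns=#{h.vulns.size}" }
end

# Constructed sample export: one host, two services, two real findings and
# two informational items (one host-level, one service detection).
SAMPLE_NESSUS = <<~XML
  <?xml version="1.0"?>
  <NessusClientData_v2>
    <Report name="ftp_target">
      <ReportHost name="192.168.1.5">
        <HostProperties>
          <tag name="host-ip">192.168.1.5</tag>
          <tag name="operating-system">Linux (sample)</tag>
        </HostProperties>
        <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="100001" pluginName="Scan Information (sample)"/>
        <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="0" pluginID="100002" pluginName="FTP Server Detection (sample)"/>
        <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="3" pluginID="100003" pluginName="FTP Anonymous Login (sample)"><risk_factor>High</risk_factor></ReportItem>
        <ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="100004" pluginName="Outdated Web Server (sample)"><risk_factor>Medium</risk_factor></ReportItem>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

if __FILE__ == $PROGRAM_NAME
  puts hosts_table(summarize_nessus(SAMPLE_NESSUS))
end
```

Run it against your real export with `summarize_nessus(File.read('/root/nessus_report_ftp_target.nessus'))` and compare the resulting lines with the msfconsole hosts table; the services list is deduplicated by protocol and port because Nessus emits one ReportItem per plugin, not per port.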
Nessus plugin
There is also a Nessus plugin for Metasploit that lets you control Nessus from the Metasploit
framework. To perform a Nessus vulnerability scan from within Metasploit, follow these steps.
Load the Nessus plugin:
load nessus
If you need help, enter:
nessus_help
Authenticate to your Nessus server:
nessus_connect username:pass@127.0.0.1:8834
List the available scan policies by issuing:
nessus_policy_list
Launch a new scan with nessus_scan_new followed by the policy number, a name for your scan,
and your target IP address, for example:
nessus_scan_new 1 scan_target 192.168.1.5
To see the scan status while it is running, enter:
nessus_scan_status
To list the available scan reports after the scan has completed, execute:
nessus_report_list
Identify the ID of the report you want to import and enter nessus_report_get followed by that ID
to download the report and import it into the Metasploit database automatically, for example:
nessus_report_get 1d890f6b-be0d-1e8f-ea6f-fca1ea1402ef9563fbf028305b22