Vulnerability scanning Using Metasploit and WMAP


Vulnerability scanning



A vulnerability scanner is an automated program that assesses computers, networks or applications and looks for known weaknesses. It probes a target by sending requests to it and analysing the responses, then matches what it observes (banners, versions, behaviour) against its vulnerability database to decide which findings to report. Keep in mind that vulnerability scanners generate a lot of traffic, tend to trip IDS/IPS signatures and can upset fragile services; they are not suitable if one of your objectives is to remain undetected, and the results still need to be validated by hand, since version-based checks produce false positives.

WMAP – web vulnerability Scanner
WMAP is a web application vulnerability scanner that ships as a Metasploit plugin. It stores sites, targets and findings in the Metasploit database, so make sure the database is connected (check with db_status) before you start. First of all we have to load the wmap plugin by issuing the command:

load wmap

To perform your web scan follow these steps:

Add the site (base URL) to WMAP's site list,
wmap_sites -a http://192.168.1.5

add the site as a scan target (wmap_sites -l lists the sites and their IDs if you prefer to reference a site by ID),
wmap_targets -t http://192.168.1.5

list the modules that will be used to test the target (this only lists them, nothing is sent to the target yet),
wmap_run -t

scan the target system,
wmap_run -e

to see if WMAP found anything interesting execute
hosts -c address,svcs,vulns

(the column list for -c is comma-separated without spaces). If WMAP found any vulnerabilities, issue the command
vulns

to get more details.

NeXpose vulnerability Scanner
To use a NeXpose scan in Metasploit you import the report, exported from NeXpose in XML format, into the MSF database. The msfconsole command is db_import followed by the report filename, for ex.
db_import /root/my_nexpose_scan.xml

To verify that the scanned hosts and vulnerability data were imported properly, enter
hosts -c address,svcs,vulns

and check that every scanned host appears with the expected service and vulnerability counts. Then enter
vulns

to view details for the discovered vulnerabilities.

NeXpose plugin
There is also a NeXpose plugin for Metasploit that drives a NeXpose console from msfconsole, so the scan runs and its results land in the database without a manual export and import. To perform a vulnerability scan with it you have to:

Load the NeXpose plugin,
load nexpose

if you need help enter
help

(the plugin's commands all start with nexpose_). Connect to your NeXpose console; it listens on port 3780 by default, and the plugin asks you to append ok to accept the console's TLS certificate, which it does not verify, so only do this on a network you trust,
nexpose_connect username:pass@127.0.0.1[:port] ok

launch a new scan with nexpose_scan followed by the target IP address, for ex.
nexpose_scan 192.168.1.5

when the scan has finished, enter
hosts -c address,svcs,vulns

to view the results, and execute
vulns

to view details for the discovered vulnerabilities.

Nessus vulnerability Scanner
To import a Nessus scan you have to download the report first: in the Nessus web interface select your scan, choose export/download and pick the .nessus format (Nessus v2 XML), which is the format Metasploit parses; an HTML or PDF export cannot be imported. Then, in msfconsole, enter db_import followed by the report filename, for ex.
db_import /root/nessus_report_ftp_target.nessus

To verify that the scanned hosts and vulnerability data were imported properly, enter
hosts -c address,svcs,vulns

and check that your targeted IP addresses, the number of services detected and the number of vulnerabilities found by Nessus are all in the list. As we did with WMAP, enter
vulns

to view details for the discovered vulnerabilities.
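As an added example that is not part of this post, here is a small Python parser for the .nessus (v2 XML) format that db_import reads. It reproduces the address/services/vulnerabilities summary you check with hosts -c address,svcs,vulns, so you can tell before importing what the database should show, reconcile the counts afterwards, and catch a report that was downloaded in the wrong format. The report embedded in it is constructed for illustration: the plugin IDs and names are placeholders, not real Nessus plugins, and the rules for counting a service (any distinct port/protocol/service name with port > 0) and a vulnerability (any ReportItem with severity > 0, severity 0 being informational) are my assumptions about what the importer does, not something the post states.

```python
"""Parse a Nessus .nessus (v2 XML) export and summarise what a db_import of it
should produce: per host, the address, the number of services and the number of
vulnerabilities, i.e. the columns shown by `hosts -c address,svcs,vulns`.

Assumptions (mine, not from the post): the root element is NessusClientData_v2,
a finding is any ReportItem with severity > 0 (0 = informational), and a service
is any distinct (port, protocol, svc_name) with port > 0 (port 0 = host-level).
"""
import sys
import xml.etree.ElementTree as ET

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample report, not real scanner output. Plugin IDs and names are
# placeholders and do not correspond to real Nessus plugins.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="nessus_report_ftp_target">
    <ReportHost name="192.168.1.5">
      <HostProperties>
        <tag name="host-ip">192.168.1.5</tag>
        <tag name="operating-system">Linux</tag>
      </HostProperties>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="900001" pluginName="Placeholder: host fingerprint"/>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="0"
                  pluginID="900002" pluginName="Placeholder: FTP server detected"/>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="3"
                  pluginID="900003" pluginName="Placeholder: FTP anonymous login allowed">
        <description>Constructed finding used to exercise the parser.</description>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="900004" pluginName="Placeholder: SSH weak MAC algorithms"/>
    </ReportHost>
    <ReportHost name="192.168.1.6">
      <HostProperties>
        <tag name="host-ip">192.168.1.6</tag>
      </HostProperties>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
                  pluginID="900005" pluginName="Placeholder: HTTP server detected"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900006" pluginName="Placeholder: directory listing enabled"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return {address: {"os": str|None, "services": [...], "vulns": [...]}}."""
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        # An HTML/PDF export or a v1 report will not import; fail loudly here.
        raise ValueError(f"not a .nessus v2 export (root element {root.tag!r})")
    hosts = {}
    for report_host in root.iter("ReportHost"):
        props = {t.get("name"): (t.text or "") for t in report_host.iter("tag")}
        address = props.get("host-ip") or report_host.get("name")
        services, vulns = set(), []
        for item in report_host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            proto = item.get("protocol", "tcp")
            if port > 0:  # port 0 is a host-level check, not a listening service
                services.add((port, proto, item.get("svc_name", "")))
            severity = int(item.get("severity", "0"))
            if severity > 0:  # severity 0 is informational, not a vulnerability
                vulns.append({
                    "port": port, "proto": proto, "severity": severity,
                    "risk": SEVERITY_NAMES.get(severity, str(severity)),
                    "plugin_id": item.get("pluginID"),
                    "name": item.get("pluginName", ""),
                    "description": item.findtext("description", default="").strip(),
                })
        hosts[address] = {"os": props.get("operating-system"),
                          "services": sorted(services), "vulns": vulns}
    return hosts


def summarise(hosts):
    """Rows of (address, service count, vuln count), like `hosts -c address,svcs,vulns`."""
    return [(addr, len(h["services"]), len(h["vulns"])) for addr, h in sorted(hosts.items())]


def findings_at_least(hosts, min_severity):
    """Flatten findings with severity >= min_severity, highest severity first."""
    rows = [(addr, v) for addr, h in hosts.items() for v in h["vulns"]
            if v["severity"] >= min_severity]
    return sorted(rows, key=lambda r: (-r[1]["severity"], r[0], r[1]["port"]))


if __name__ == "__main__":
    # Usage: python nessus_summary.py [/root/nessus_report_ftp_target.nessus]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NESSUS
    parsed = parse_nessus(text)
    print(f"{'address':<16}{'svcs':>6}{'vulns':>7}")
    for addr, nsvcs, nvulns in summarise(parsed):
        print(f"{addr:<16}{nsvcs:>6}{nvulns:>7}")
    print()
    for addr, v in findings_at_least(parsed, 1):
        print(f"{addr:<16}{v['port']:>5}/{v['proto']:<4} {v['risk']:<9}{v['name']}")
```

If the counts printed here differ from what hosts shows after the import, the usual causes are a report exported in the wrong format, a workspace other than the one you imported into, or informational findings being counted on one side only.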

Nessus plugin
There is also a Nessus plugin for Metasploit that controls a Nessus server from within the framework. The steps below follow the older version of the plugin; command names and argument orders have changed between plugin releases, so treat nessus_help as the authority for the version you have loaded. To perform a Nessus scan from within Metasploit follow these steps:

Load the Nessus plugin,
load nessus

if you need help enter
nessus_help

authenticate to your Nessus server (8834 is the default Nessus port; depending on the plugin version you may also have to add a trailing argument, such as ok, to accept the server's TLS certificate)
nessus_connect username:pass@127.0.0.1:8834

list the available scan policies by issuing
nessus_policy_list

launch a new scan with nessus_scan_new followed by the policy number, a name for your scan and your target IP address, for ex.
nessus_scan_new 1 scan_target 192.168.1.5

(newer plugin versions take the policy UUID shown by nessus_policy_list, a scan name, a description and the targets instead, so check nessus_help). To see the scan status while it's running enter
nessus_scan_status

after the scan has completed, list the available scan reports with
nessus_report_list

identify the ID of the report you want to import and pass it to
nessus_report_get

which downloads the report and imports it into the Metasploit database automatically, for ex.
nessus_report_get 1d890f6b-be0d-1e8f-ea6f-fca1ea1402ef9563fbf028305b22

Once it is imported, hosts -c address,svcs,vulns and vulns show the results exactly as they do for a manually imported .nessus file.
