Today we will learn about Vulnerability scanning with Metasploit.
Metasploit Framework, the best-known creation of the Metasploit project, is a software platform for developing, testing, and running exploits. It can be used to create security testing tools and exploit modules as well as a penetration testing system. It was originally created as a portable networking tool in 2003 by HD Moore. It is one of the most popular penetration testing tools among all security researchers and hackers. Apart from penetration testing, this tool also performs very good vulnerability assessment in network and web applications. It has built-in plugins for some well-known vulnerability scanners such as Nessus, Neexpose, OpenVAS and WMAP.
Vulnerability scanning with Metasploit
In this article, we’ll look at how to perform vulnerability assessments of network and web applications using Metasploit’s built-in plugins. We’ll start with OpenVAS first; You need to install OpenVAS on your system before jumping into msfconsole. The installation process is listed on the official website of BackTrack http://www.backtrack-linux.org/wiki/index.php/OpenVas. Follow the instructions. Now we come to our topic of how to perform a vulnerability assessment via OpenVAS.
To start OpenVAS, type load openvas in msfconsole and it will load and open the VAS plugin from its database.
Now type in openvas_help and it will show all usage commands for OpenVAS.
We have to connect our OpenVAS to its server by giving the command openvas_connect and it will show the full usage command, which is openvas_connect username password host port <ssl-confirm> for connecting to the server. In my case, the command is openvas_connect rohit toor localhost 9390 ok
As can we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is openvas_target_create <scan name> <target IP> <any comments> . In the below figure, we can see my scan name is windows7 , the target is 192.168.0.101 and the comment is new_scan , so the command is openvas_target_create “windows7” 192.168.0.101 “new_scan”
After creating the target, we want to see the OpenVAS’s scan configuration list, so type in openvas_config_list.
OpenVAS has four types of scan configuration; we will select this as per requirement. Next type in openvas_target_list and it will show your created targets.
Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.
To create a task, the command is openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>
For example, in the above figure, we type in openvas_task_create windows7 new_scan 3 1
We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in openvas_task_start <taskID>. Here we are using openvas_task_start 0
As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in open_vas_list and it shows that our scan status is running and progress is 1, meaning 1%.
Just wait for some time and again check the progress.
The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1. and the status will show “Done.”
Our scan is completed now, so we can download the report; type in openvas_report_list and it will show all reports from its database.
There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.
After choosing the format, we can download the report by using this command: openvas_report_download <report id> <format id> <path for saving report> <report name>. Here we are using openvas_report_download 1 5 /root/Desktop report
The OpenVAS has a bug in the report format: Whenever I tried to download PDF or XML formats, it gives blank report, so again I download the report in HTML format and this format is working