Vulnerability Scanning

in this case. But, of course, this has been a very noisy scan, likely to attract lots 
of attention. These types of vulnerability scans are best used in a pen test 
where being stealthy is not required.

Running NeXpose Within MSFconsole

Running NeXpose from the web GUI is great for fine-tuning vulnerability 
scans and generating reports, but if you prefer to remain in msfconsole, you 
can still run full vulnerability scans with the NeXpose plug-in included in 
Metasploit.

To demonstrate the difference in results between a credentialed and 
non-credentialed scan, we will run a scan from within Metasploit without specifying 
a username and password for the target system. Before you begin, delete any 
existing database with db_destroy, create a new database in Metasploit with 
db_connect, and then load the NeXpose plug-in with load nexpose as shown next:

msf > db_destroy postgres:toor@127.0.0.1/msf3
[*] Warning: You will need to enter the password at the prompts below
Password:
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > load nexpose
[*] NeXpose integration has been activated
[*] Successfully loaded plugin: nexpose

With the NeXpose plug-in loaded, have a look at the commands loaded 
specifically for the vulnerability scanner by entering the help command. You 
should see a series of new commands at the top of the listing specific to 
running NeXpose.

msf > help

Before running your first scan from msfconsole, you will need to connect 
to your NeXpose installation. Enter nexpose_connect -h to display the usage 
required to connect; add your username, password, and host address; and 
accept the SSL certificate warning by adding ok to the end of the connect 
string:

msf > nexpose_connect -h
[*] Usage:
[*]        nexpose_connect username:password@host[:port] <ssl-confirm>
[*]         -OR-
[*]        nexpose_connect username password host port <ssl-confirm>
msf > nexpose_connect dookie:s3cr3t@192.168.1.206 ok
[*] Connecting to NeXpose instance at 192.168.1.206:3780 with username dookie...
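
Because ok accepts the SSL certificate warning, the credentials go to whichever host answers at that address. The following Python script is an added example (not from the original text and not part of Metasploit or NeXpose) that compares the console's certificate with a SHA-256 fingerprint you recorded out of band before you connect; the function names and the pinning workflow are assumptions, and 3780 is the default port shown in the output above.

```python
import hashlib
import hmac
import ssl
import sys

DEFAULT_PORT = 3780  # port msfconsole used above when none was given


def parse_target(conn):
    """Return (host, port) from 'host[:port]' or 'username:password@host[:port]'.

    Handles hostnames and IPv4 addresses only (assumption of this example).
    """
    hostpart = conn.rpartition("@")[2]  # drop credentials if present
    host, sep, port = hostpart.partition(":")
    if not host:
        raise ValueError("expected [username:password@]host[:port]")
    return host, int(port) if sep else DEFAULT_PORT


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der, pin):
    """Compare with a pin recorded out of band ('AA:BB:..' or plain hex)."""
    normalized = pin.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(der), normalized)


def fetch_cert_der(host, port):
    """Fetch the server certificate without validating it; the pin is the check."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # usage: python check_pin.py host[:port] <sha256-fingerprint>
    host, port = parse_target(sys.argv[1])
    der = fetch_cert_der(host, port)
    if matches_pin(der, sys.argv[2]):
        print(f"{host}:{port} fingerprint matches the pin")
    else:
        sys.exit(f"MISMATCH for {host}:{port}: got {fingerprint(der)}")
```

Record the fingerprint from the NeXpose host itself when the console is installed, and treat a mismatch as a reason not to send the username and password.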

Now enter nexpose_scan followed by the target IP address to initiate a scan, as 
shown next. In this example, we are scanning a single IP address, but you