Vulnerability Scanning
in this case. But, of course, this has been a very noisy scan, likely to attract lots
of attention. These types of vulnerability scans are best used in a pen test
where being stealthy is not required.
Running NeXpose Within MSFconsole
Running NeXpose from the web GUI is great for fine-tuning vulnerability
scans and generating reports, but if you prefer to remain in msfconsole, you
can still run full vulnerability scans with the NeXpose plug-in included in
Metasploit.
To demonstrate the difference in results between a credentialed and
non-credentialed scan, we will run a scan from within Metasploit without
specifying a username and password for the target system. Before you begin,
delete any existing database with db_destroy, create a new database in
Metasploit with db_connect, and then load the NeXpose plug-in with
load nexpose as shown next:
msf > db_destroy postgres:toor@127.0.0.1/msf3
[*] Warning: You will need to enter the password at the prompts below
Password:
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > load nexpose
[*] NeXpose integration has been activated
[*] Successfully loaded plugin: nexpose
With the NeXpose plug-in loaded, have a look at the commands loaded
specifically for the vulnerability scanner by entering the help command. You
should see a series of new commands at the top of the listing specific to
running NeXpose.
msf > help
Before running your first scan from msfconsole, you will need to connect
to your NeXpose installation. Enter nexpose_connect -h to display the usage
required to connect; add your username, password, and host address; and
accept the SSL certificate warning by adding ok to the end of the connect
string:
msf > nexpose_connect -h
[*] Usage:
[*] nexpose_connect username:password@host[:port] <ssl-confirm>
[*] -OR-
[*] nexpose_connect username password host port <ssl-confirm>
msf > nexpose_connect dookie:s3cr3t@192.168.1.206 ok
[*] Connecting to NeXpose instance at 192.168.1.206:3780 with username dookie...
Now enter nexpose_scan followed by the target IP address to initiate a scan, as
shown next. In this example, we are scanning a single IP address, but you