44
Chapter 4
could also pass a range of hosts to the scanner (192.168.1.1-254) or a subnet in Classless Inter-Domain Routing (CIDR) notation (192.168.1.0/24).
msf > nexpose_scan 192.168.1.195
[*] Scanning 1 addresses with template pentest-audit in sets of 32
[*] Completed the scan of 1 addresses
msf >
After the NeXpose scan completes, the database you created earlier should contain the results of the vulnerability scan. To view the results, enter db_hosts, as shown next. (In this example, the output has been trimmed by filtering on the address column.)
msf > db_hosts -c address

Hosts
=====

address        Svcs  Vulns  Workspace
-------        ----  -----  ---------
192.168.1.195  8     7      default

msf >
As you can see, NeXpose has discovered seven vulnerabilities. Run db_vulns to display the vulnerabilities found:

msf > db_vulns
Although this scan has found significantly fewer than the 268 vulnerabilities discovered with our prior use of NeXpose through the GUI with credentials, you should have enough vulnerabilities here to get a great head start on exploiting the system.
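As an added illustration (not code from the book or from Metasploit itself), the helper below expands the target forms nexpose_scan accepts (single host, last-octet range, CIDR block), splits them into the "sets of 32" the console reports, and parses the db_hosts table shown above into records so hosts with a non-zero Vulns column can be picked out for db_vulns. The DB_HOSTS_OUTPUT sample is constructed: it mirrors the table format above plus one made-up clean host.

```python
import ipaddress
import re
from typing import Dict, List

def expand_targets(spec: str) -> List[str]:
    """Expand a nexpose_scan target spec (host, 192.168.1.1-254 range, or CIDR) into hosts."""
    if "/" in spec:
        # hosts() excludes the network and broadcast addresses, so a /24 yields 254
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False).hosts()]
    m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)-(\d+)", spec)
    if m:
        base, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        return [f"{base}{i}" for i in range(lo, hi + 1)]
    return [str(ipaddress.ip_address(spec))]  # raises ValueError on malformed input

def scan_batches(targets: List[str], size: int = 32) -> List[List[str]]:
    """Split targets into the 'sets of 32' the console output reports."""
    return [targets[i:i + size] for i in range(0, len(targets), size)]

# Constructed sample: the table shape printed by `db_hosts -c address`,
# with the host from the scan above plus one made-up host with no findings.
DB_HOSTS_OUTPUT = """\
Hosts
=====

address        Svcs  Vulns  Workspace
-------        ----  -----  ---------
192.168.1.195  8     7      default
192.168.1.201  3     0      default
"""

def parse_db_hosts(text: str) -> List[Dict[str, object]]:
    """Turn db_hosts table rows into dicts; title, header, rule and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ipaddress.ip_address(parts[0])  # only data rows start with an address
        except ValueError:
            continue
        rows.append({"address": parts[0], "svcs": int(parts[1]),
                     "vulns": int(parts[2]), "workspace": parts[3]})
    return rows

def hosts_with_vulns(rows: List[Dict[str, object]]) -> List[str]:
    """Addresses worth a closer look with db_vulns (non-zero Vulns column)."""
    return [str(r["address"]) for r in rows if int(r["vulns"]) > 0]
```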
Scanning with Nessus
The Nessus vulnerability scanner from Tenable Security (http://www.tenable.com/) is one of the most widely used vulnerability scanners. Metasploit's Nessus plug-in lets you launch scans and pull information from Nessus scans via the console, but in the example that follows, we'll import Nessus scan results independently. Using Nessus 4.4.1 with a free Home Feed, we'll run this scan against the same target we'll use throughout this chapter, with known credentials. In these early stages of a penetration test, the more tools you can use to fine-tune your future attacks, the better.
Nessus Configuration
After you have downloaded and installed Nessus, open your web browser and navigate to https://<youripaddress>:8834, accept the certificate warning, and log into Nessus using the credentials you created during installation. You should see the main Nessus window, as shown in Figure 4-11.