
Vulnerability Scanning


4. For a complete listing of the vulnerability data that was imported into Metasploit, enter db_vulns without any switches, as shown here:

msf > db_vulns
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10916 refs=OSVDB-755
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10915 refs=OSVDB-754
[*] Time: Wed Mar 09 03:40:11 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10913 refs=OSVDB-752
[*] Time: Wed Mar 09 03:40:12 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10114 refs=CVE-1999-0524,OSVDB-94,CWE-200
[*] Time: Wed Mar 09 03:40:13 UTC 2011 Vuln: host=192.168.1.195 name=NSS-11197 refs=CVE-2003-0001,BID-6535

Each record ties a Nessus plugin ID (the name= field) to external references (CVE, OSVDB, BID, CWE) in the refs= field. At the end of your pen test, having these references available can be of great assistance when you're writing the report for your client, because they let you cite a public identifier for every finding instead of a scanner-specific plugin number.
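As an added example (not code from the book or from Metasploit), the script below parses db_vulns output in the line format shown above into per-host reference lists, which is the shape a report table usually needs. The sample lines are constructed for the example, including a second host and a record with an empty refs= field, which some plugins produce; the function names are the example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of db_vulns console output in the format shown above.
# The prompt line is included to show that non-record lines are skipped, and
# the last record has an empty refs= field.
SAMPLE_DB_VULNS = """\
msf > db_vulns
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10916 refs=OSVDB-755
[*] Time: Wed Mar 09 03:40:12 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10114 refs=CVE-1999-0524,OSVDB-94,CWE-200
[*] Time: Wed Mar 09 03:40:13 UTC 2011 Vuln: host=192.168.1.195 name=NSS-11197 refs=CVE-2003-0001,BID-6535
[*] Time: Wed Mar 09 03:41:02 UTC 2011 Vuln: host=192.168.1.201 name=NSS-11197 refs=CVE-2003-0001,BID-6535
[*] Time: Wed Mar 09 03:41:05 UTC 2011 Vuln: host=192.168.1.201 name=NSS-10916 refs=
"""

# One db_vulns record: host, plugin name and a comma-separated (possibly empty) refs field.
VULN_RE = re.compile(r"Vuln: host=(\S+) name=(\S+) refs=(\S*)")


def parse_db_vulns(text):
    """Parse db_vulns output into (host, plugin_name, [refs]) tuples.

    Lines without a 'Vuln:' record (prompts, banners) are skipped and an
    empty refs= field yields an empty list rather than [''].
    """
    findings = []
    for line in text.splitlines():
        m = VULN_RE.search(line)
        if m is None:
            continue
        host, name, refs = m.groups()
        findings.append((host, name, [r for r in refs.split(",") if r]))
    return findings


def refs_by_host(findings):
    """Group references per host by prefix (CVE, OSVDB, BID, CWE, ...),
    de-duplicated and sorted. Hosts with no references still appear."""
    grouped = defaultdict(lambda: defaultdict(set))
    for host, _name, refs in findings:
        by_type = grouped[host]  # touch the host so it exists even with no refs
        for ref in refs:
            prefix = ref.split("-", 1)[0]
            by_type[prefix].add(ref)
    return {host: {p: sorted(ids) for p, ids in types.items()}
            for host, types in grouped.items()}


def hosts_with_ref(findings, ref):
    """Hosts on which a given reference (for example one CVE ID) was reported."""
    return sorted({host for host, _name, refs in findings if ref in refs}, key=_host_key)


def _host_key(host):
    """Sort IP addresses numerically; fall back to string order for hostnames."""
    try:
        return (0, int(ipaddress.ip_address(host)))
    except ValueError:
        return (1, host)


def report_lines(findings):
    """One line per host with references in a fixed prefix order, for the report."""
    grouped = refs_by_host(findings)
    lines = []
    for host in sorted(grouped, key=_host_key):
        parts = []
        for prefix in ("CVE", "BID", "OSVDB", "CWE"):
            if prefix in grouped[host]:
                parts.append(f"{prefix}: {', '.join(grouped[host][prefix])}")
        lines.append(f"{host}  " + "; ".join(parts))
    return lines


if __name__ == "__main__":
    for line in report_lines(parse_db_vulns(SAMPLE_DB_VULNS)):
        print(line)
```

To use it against a real session, paste the db_vulns output into a file and feed its contents to parse_db_vulns; hosts_with_ref answers the "which hosts are affected by this CVE" question that comes up when writing per-finding sections of the report.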

Scanning with Nessus from Within Metasploit

During those times when you don't feel like leaving the comfort of the command line, you can use the Nessus Bridge plug-in (http://blog.zate.org/nessus-plugin-dev/) by Zate within Metasploit. The Nessus Bridge allows you to control Nessus completely through the Metasploit Framework, run scans, interpret results, and launch attacks based on the vulnerabilities identified through Nessus.

1. As in the preceding examples, first destroy the existing database with the db_destroy command and create a new one using db_connect. Note that db_destroy discards every host, service, and vulnerability record currently stored, so export anything you still need before running it.

2. Load the Nessus plug-in by running load nessus, as shown here:

msf > db_destroy postgres:toor@127.0.0.1/msf3
[*] Warning: You will need to enter the password at the prompts below
Password:
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > load nessus
[*] Nessus Bridge for Metasploit 1.1
[+] Type nessus_help for a command listing
[+] Exploit Index - (/root/.msf3/nessus_index) -  is valid.
[*] Successfully loaded plugin: Nessus

3. Running the command nessus_help will display all of the commands that the plug-in supports. The Bridge undergoes regular development and updates, so it is a good idea to check the help output periodically to see what new features, if any, have been added.