Vulnerability Scanning
4. For a complete listing of the vulnerability data that was imported into Metasploit, enter db_vulns without any switches, as shown here:
msf > db_vulns
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10916 refs=OSVDB-755
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10915 refs=OSVDB-754
[*] Time: Wed Mar 09 03:40:11 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10913 refs=OSVDB-752
[*] Time: Wed Mar 09 03:40:12 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10114 refs=CVE-1999-0524,OSVDB-94,CWE-200
[*] Time: Wed Mar 09 03:40:13 UTC 2011 Vuln: host=192.168.1.195 name=NSS-11197 refs=CVE-2003-0001,BID-6535
Each entry carries the Nessus plugin ID (the NSS-nnnnn name) and the external references (CVE, OSVDB, BID, and CWE identifiers) that Nessus attached to the finding. At the end of your pen test, having these references available can be of great assistance when you're writing the report for your client.
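The db_vulns output above is one line per finding, which is awkward to turn into a per-host findings table by hand. The following is an added example (not code from the book or from Metasploit) that parses that line format into records, groups the external references per host by their source (CVE, OSVDB, BID, CWE), and lists the Nessus plugin IDs that fired on a host. The sample input is constructed to match the format shown on this page: the 192.168.1.195 lines are the ones above, and the 192.168.1.201 lines (including one with an empty refs= field, which real output can contain) are assumed for illustration.

```python
"""Parse msfconsole db_vulns output into a per-host reference table.

Added example for report writing; the sample lines below are constructed
to match the format shown on the page, not captured from a live scan.
"""
import re
from collections import defaultdict

# Constructed sample of db_vulns output. The 192.168.1.201 lines are assumed.
SAMPLE_DB_VULNS = """\
msf > db_vulns
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10916 refs=OSVDB-755
[*] Time: Wed Mar 09 03:40:10 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10915 refs=OSVDB-754
[*] Time: Wed Mar 09 03:40:11 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10913 refs=OSVDB-752
[*] Time: Wed Mar 09 03:40:12 UTC 2011 Vuln: host=192.168.1.195 name=NSS-10114 refs=CVE-1999-0524,OSVDB-94,CWE-200
[*] Time: Wed Mar 09 03:40:13 UTC 2011 Vuln: host=192.168.1.195 name=NSS-11197 refs=CVE-2003-0001,BID-6535
[*] Time: Wed Mar 09 03:41:02 UTC 2011 Vuln: host=192.168.1.201 name=NSS-11197 refs=CVE-2003-0001,BID-6535
[*] Time: Wed Mar 09 03:41:05 UTC 2011 Vuln: host=192.168.1.201 name=NSS-10287 refs=
"""

# One db_vulns line: timestamp, host, plugin name, optional comma-separated refs.
VULN_RE = re.compile(
    r"^\[\*\] Time: (?P<time>.+?) Vuln: host=(?P<host>\S+) name=(?P<name>\S+)"
    r"(?: refs=(?P<refs>\S*))?\s*$"
)


def parse_db_vulns(text):
    """Return a list of {time, host, name, refs} dicts, one per finding.

    Lines that are not findings (the echoed prompt, blank lines) are skipped;
    an empty refs= field yields an empty list rather than [''].
    """
    records = []
    for line in text.splitlines():
        m = VULN_RE.match(line.strip())
        if not m:
            continue
        refs = [r for r in (m.group("refs") or "").split(",") if r]
        records.append({"time": m.group("time"), "host": m.group("host"),
                        "name": m.group("name"), "refs": refs})
    return records


def refs_by_host(records):
    """Group references per host by source prefix (CVE, OSVDB, BID, CWE).

    Returns {host: {source: sorted unique reference ids}}. A host whose
    findings carry no references still appears, with an empty mapping.
    """
    table = defaultdict(lambda: defaultdict(set))
    for rec in records:
        sources = table[rec["host"]]          # registers the host even if no refs
        for ref in rec["refs"]:
            source = ref.split("-", 1)[0]     # "CVE-1999-0524" -> "CVE"
            sources[source].add(ref)
    return {host: {src: sorted(ids) for src, ids in srcs.items()}
            for host, srcs in table.items()}


def nessus_plugin_ids(records, host):
    """Sorted unique Nessus plugin IDs (from NSS-nnnnn names) seen on a host."""
    ids = set()
    for rec in records:
        if rec["host"] == host and rec["name"].startswith("NSS-"):
            ids.add(int(rec["name"].split("-", 1)[1]))
    return sorted(ids)


def report_lines(table):
    """Render the grouped table as one text line per host, for pasting into a report."""
    lines = []
    for host in sorted(table):
        parts = ["%s: %s" % (src, ", ".join(ids))
                 for src, ids in sorted(table[host].items())]
        lines.append("%s  %s" % (host, "; ".join(parts) if parts else "(no references)"))
    return lines


if __name__ == "__main__":
    recs = parse_db_vulns(SAMPLE_DB_VULNS)
    for line in report_lines(refs_by_host(recs)):
        print(line)
```

To use it on real output, run db_vulns with spooling enabled (spool /tmp/vulns.txt, then spool off) and feed the file to parse_db_vulns. Grouping by reference source matters for the report: CVE and BID identifiers are what a client will look up, while the NSS plugin ID is what you need to re-run or re-check the specific Nessus test.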
Scanning with Nessus from Within Metasploit
During those times when you don't feel like leaving the comfort of the command line, you can use the Nessus Bridge plug-in (http://blog.zate.org/nessus-plugin-dev/) by Zate within Metasploit. The Nessus Bridge allows you to control Nessus completely through the Metasploit Framework, run scans, interpret results, and launch attacks based on the vulnerabilities identified through Nessus.
1. As in the preceding examples, first destroy the existing database with the db_destroy command and create a new one using db_connect.
2. Load the Nessus plug-in by running load nessus, as shown here:
msf > db_destroy postgres:toor@127.0.0.1/msf3
[*] Warning: You will need to enter the password at the prompts below
Password:
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > load nessus
[*] Nessus Bridge for Metasploit 1.1
[+] Type nessus_help for a command listing
[+] Exploit Index - (/root/.msf3/nessus_index) - is valid.
[*] Successfully loaded plugin: Nessus
3. Running the command nessus_help will display all of the commands that the plug-in supports. The Bridge undergoes regular development and updates, so it is a good idea to check the help output periodically to see what new features, if any, have been added.