Vulnerability Scanning
ID Name Status Date
-- ---- ------ ----
074dc984-05f1-57b1-f0c9-2bb80ada82fd3758887a05631c1d Host_195 completed 19:43 Mar 08 2011
d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e bridge_scan completed 09:37 Mar 09 2011
[*] You can:
[*] Get a list of hosts from the report: nessus_report_hosts <report id>
msf > nessus_report_get d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e
[*] importing d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e
[*] 192.168.1.195 Microsoft Windows XP Professional (English) Done!
[+] Done
9. Finally, as with the other import functions demonstrated in this chapter, you can use db_hosts to verify that the scan data was imported successfully:
msf > db_hosts -c address,svcs,vulns
Hosts
=====
address svcs vulns
------- ---- -----
192.168.1.195 18 345
Now that you’ve seen the variation in scan results from two different
products, you should have a better sense of the merit in using more than one
tool for your scanning needs. It is still up to the penetration tester to interpret
the results from these automated tools and turn them into actionable data.
Specialty Vulnerability Scanners
Although many commercial vulnerability scanners are available on the market, you are not limited to them. When you want to run a scan for a specific vulnerability across a network, Metasploit's many auxiliary modules can help you accomplish such tasks.
The following Metasploit modules are just a few examples of the many useful auxiliary scanning modules included in the Framework. Take advantage of your lab to probe and explore as many of them as you can.
Validating SMB Logins
To check the validity of a username and password combination, use the SMB Login Check Scanner to connect to a range of hosts. As you might expect, this scan is loud and noticeable, and each login attempt will show up in the event logs of every Windows box it encounters.
After selecting the smb_login module with use, you can run show_options to see the settings listed under the Required column. Metasploit allows you to specify a username and password combination, a username and password list, or a combination of either. In the next example, RHOSTS is set to a small range of IP addresses and a username and password are configured for Metasploit to try against all addresses.
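The defender's side of the noise described above, as an added example that is not from the book: a small Python detector that reads Windows Security log records (event 4625 is a failed logon, 4624 a successful one, logon type 3 a network logon such as SMB) and flags a source address whose logon attempts reach several hosts within a short window, which is exactly the footprint a credential check against an RHOSTS range leaves behind. The one-line log format, hostnames, accounts and addresses are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of Windows Security log records, flattened to one line each.
# Event 4625 = failed logon, 4624 = successful logon, LogonType 3 = network (SMB).
SAMPLE_EVENTS = """\
2011-03-09T09:40:01 WS-01 EventID=4625 LogonType=3 Account=Administrator Src=192.168.1.50
2011-03-09T09:40:02 WS-01 EventID=4625 LogonType=3 Account=Administrator Src=192.168.1.50
2011-03-09T09:40:02 WS-02 EventID=4625 LogonType=3 Account=Administrator Src=192.168.1.50
2011-03-09T09:40:03 WS-03 EventID=4625 LogonType=3 Account=Administrator Src=192.168.1.50
2011-03-09T09:40:03 WS-04 EventID=4624 LogonType=3 Account=Administrator Src=192.168.1.50
2011-03-09T09:41:10 WS-02 EventID=4625 LogonType=2 Account=jsmith Src=-
2011-03-09T11:15:00 WS-03 EventID=4625 LogonType=3 Account=svc_backup Src=192.168.1.77
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) "
                     r"LogonType=(?P<lt>\d+) Account=(?P<acct>\S+) Src=(?P<src>\S+)$")

def parse_events(text):
    """Parse the constructed records above into dicts with typed fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not one of our records; a real collector would log this
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["eid"], ev["lt"] = int(ev["eid"]), int(ev["lt"])
        events.append(ev)
    return events

def detect_smb_login_sweep(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return {source_ip: [hosts]} for every source whose network logons (type 3)
    reached at least min_hosts distinct machines inside one time window.
    Successes (4624) count too: a login check touches every host in its range, and
    a hit right after failures on neighbouring hosts is the strongest signal."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["lt"] == 3 and ev["eid"] in (4624, 4625) and ev["src"] != "-":
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window from each event
            hosts = {e["host"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts
```

The interactive logon from jsmith (type 2) and the single attempt from 192.168.1.77 fall below the threshold, while 192.168.1.50 is reported with the four hosts it touched.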