Vulnerability Scanning


ID                                                    Name         Status     Date
--                                                    ----         ------     ----
074dc984-05f1-57b1-f0c9-2bb80ada82fd3758887a05631c1d  Host_195     completed  19:43 Mar 08 2011
d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e  bridge_scan  completed  09:37 Mar 09 2011

[*] You can:
[*] Get a list of hosts from the report: nessus_report_hosts <report id>
msf > nessus_report_get d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e

[*] importing d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e
[*] Microsoft Windows XP Professional (English)  Done!
[+] Done


Finally, as with the other import functions demonstrated in this chapter, 
you can use db_hosts to verify that the scan data was imported successfully:

msf > db_hosts -c address,svcs,vulns


address        svcs  vulns
-------        ----  -----
               18    345

Now that you’ve seen the variation in scan results from two different 
products, you should have a better sense of the merit in using more than one 
tool for your scanning needs. It is still up to the penetration tester to interpret 
the results from these automated tools and turn them into actionable data.

Specialty Vulnerability Scanners

Although many commercial vulnerability scanners are available on the market, 
you are not limited to them. When you want to run a scan for a specific 
vulnerability across a network, Metasploit’s many auxiliary modules can help 
you accomplish such tasks. 

The following Metasploit modules are just a few examples of the many 
useful auxiliary scanning modules included in the Framework. Take advantage 
of your lab to probe and explore as many of them as you can.

Validating SMB Logins

To check the validity of a username and password combination, use the SMB 
Login Check Scanner to connect to a range of hosts. As you might expect, 
this scan is loud and noticeable, and each login attempt will show up in the 
event logs of every Windows box it encounters.
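
Because each login attempt is logged on the target, a defender can key on that trail. The following is an added example, not code from the original text or from Metasploit: it assumes Security-log events have been collected centrally and use the Windows Vista-and-later event IDs (4624 success, 4625 failure); the function name, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (all values made up): logon events as a central collector
# might hold them. Fields: time, computer, event ID, logon type, source, user.
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network.
SAMPLE_EVENTS = [
    ("2011-03-09 10:02:01", "WS-01", 4625, 3, "192.0.2.50", "Administrator"),
    ("2011-03-09 10:02:02", "WS-02", 4625, 3, "192.0.2.50", "Administrator"),
    ("2011-03-09 10:02:03", "WS-03", 4624, 3, "192.0.2.50", "Administrator"),
    ("2011-03-09 10:02:04", "WS-04", 4625, 3, "192.0.2.50", "Administrator"),
    ("2011-03-09 10:05:00", "WS-01", 4625, 3, "192.0.2.77", "jsmith"),  # one typo
    ("2011-03-09 11:30:00", "FS-01", 4624, 3, "192.0.2.77", "jsmith"),  # normal use
    ("2011-03-09 10:02:02", "WS-02", 4625, 2, "-", "Administrator"),    # console logon
]

def find_login_sweeps(events, window=timedelta(minutes=5), min_hosts=3):
    """Flag (source, user) pairs whose network logon attempts reach at least
    min_hosts distinct computers inside one sliding time window."""
    attempts = defaultdict(list)
    for ts, computer, event_id, logon_type, source, user in events:
        if event_id in (4624, 4625) and logon_type == 3:
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            attempts[(source, user)].append((when, computer, event_id))
    findings = []
    for (source, user), rows in sorted(attempts.items()):
        rows.sort()
        start, best = 0, None
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            hits = rows[start:end + 1]
            hosts = sorted({computer for _, computer, _ in hits})
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best["hosts"])):
                best = {
                    "source": source, "user": user, "hosts": hosts,
                    "first_seen": hits[0][0],
                    # Hosts that accepted the credentials need follow-up first.
                    "succeeded_on": sorted({c for _, c, e in hits if e == 4624}),
                }
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    for finding in find_login_sweeps(SAMPLE_EVENTS):
        print(finding)
```

A single mistyped password or routine file-server access stays below the threshold; one source touching several hosts with the same account inside a few minutes does not.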

After selecting the 


 module with 


, you can run 



see the settings listed under the Required column. Metasploit allows you to 
specify a username and password combination, a username and password list, 
or a combination of either. In the next example, 


 is set to a small range of IP addresses and a username and password are configured for Metasploit 
to try against all addresses.