Vulnerability Scanning

ID                                                    Name         Status     Date
--                                                    ----         ------     ----
074dc984-05f1-57b1-f0c9-2bb80ada82fd3758887a05631c1d  Host_195     completed  19:43 Mar 08 2011
d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e  bridge_scan  completed  09:37 Mar 09 2011

[*] You can:
[*] Get a list of hosts from the report: nessus_report_hosts <report id>
msf > nessus_report_get d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e

[*] importing d2f1fc02-3b50-4e4e-ab8f-38b0813dd96abaeab61f312aa81e
[*] 192.168.1.195 Microsoft Windows XP Professional (English)  Done!
[+] Done

9. Finally, as with the other import functions demonstrated in this chapter,
   you can use db_hosts to verify that the scan data was imported successfully:

msf > db_hosts -c address,svcs,vulns

Hosts
=====

address        svcs  vulns
-------        ----  -----
192.168.1.195  18    345

Now that you’ve seen the variation in scan results from two different
products, you should have a better sense of the merit in using more than one
tool for your scanning needs. It is still up to the penetration tester to interpret
the results from these automated tools and turn them into actionable data.

Specialty Vulnerability Scanners

Although many commercial vulnerability scanners are available on the market,
you are not limited to them. When you want to run a scan for a specific
vulnerability across a network, Metasploit’s many auxiliary modules can help
you accomplish such tasks.

The following Metasploit modules are just a few examples of the many
useful auxiliary scanning modules included in the Framework. Take advantage
of your lab to probe and explore as many of them as you can.

Validating SMB Logins

To check the validity of a username and password combination, use the SMB
Login Check Scanner to connect to a range of hosts. As you might expect,
this scan is loud and noticeable, and each login attempt will show up in the
event logs of every Windows box it encounters.
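
Because every attempt is logged on each host it touches, a defender can spot this kind of sweep by correlating logon events across machines. The following is an added example, not code from the book or from Metasploit: the CSV layout, hostnames, addresses and thresholds are assumptions, and the sample events are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified CSV layout (an assumption, not a real export).
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network (SMB).
SAMPLE_EVENTS = """time,host,event_id,logon_type,account,source_ip
2011-03-09T10:00:01,WS-101,4625,3,Administrator,192.168.1.50
2011-03-09T10:00:02,WS-102,4625,3,Administrator,192.168.1.50
2011-03-09T10:00:03,WS-103,4624,3,Administrator,192.168.1.50
2011-03-09T10:00:04,WS-104,4625,3,Administrator,192.168.1.50
2011-03-09T10:00:05,WS-105,4625,3,Administrator,192.168.1.50
2011-03-09T10:02:10,WS-101,4625,3,jsmith,192.168.1.77
2011-03-09T10:02:40,WS-101,4625,3,jsmith,192.168.1.77
2011-03-09T10:05:00,FS-01,4624,3,backup_svc,192.168.1.20
2011-03-09T11:30:00,FS-02,4624,3,backup_svc,192.168.1.20
"""

def find_login_sweeps(csv_text, min_hosts=4, window=timedelta(minutes=5)):
    """Flag (source_ip, account) pairs that reach >= min_hosts distinct hosts
    with network logon attempts inside one sliding time window."""
    by_key = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] not in ("4624", "4625") or row["logon_type"] != "3":
            continue  # keep only network logon attempts
        when = datetime.fromisoformat(row["time"])
        by_key[(row["source_ip"], row["account"])].append(
            (when, row["host"], row["event_id"] == "4624"))
    findings = []
    for (src, account), events in sorted(by_key.items()):
        events.sort()
        start, best = 0, None
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            in_window = events[start:end + 1]
            hosts = {h for _, h, _ in in_window}
            if len(hosts) >= min_hosts and (not best or len(hosts) > best["hosts"]):
                # hosts that accepted the credential need follow-up first
                accepted = sorted({h for _, h, ok in in_window if ok})
                best = {"source_ip": src, "account": account,
                        "hosts": len(hosts), "accepted_on": accepted}
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    print(find_login_sweeps(SAMPLE_EVENTS))
```

Repeated failures against a single host (the jsmith rows) and slow service-account logons (backup_svc) stay below the threshold; only the one account tried against five hosts within seconds is reported.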

After selecting the smb_login module with use, you can run show options to
see the settings listed under the Required column. Metasploit allows you to
specify a username and password combination, a username and password list,
or a combination of either. In the next example, RHOSTS is set to a small range
of IP addresses and a username and password are configured for Metasploit
to try against all addresses.