
Vulnerability scanning with Metasploit part I

April 10, 2018 by Warlock

Metasploit Framework, the Metasploit Project’s best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system. It was originally created as a portable network tool in 2003 by HD Moore. It is one of the most popular penetration testing tools among security researchers and hackers. Apart from penetration testing, it is also well suited to vulnerability assessment of networks and web applications. It has built-in plug-ins for some well-known vulnerability scanners, such as Nessus, Nexpose, OpenVAS, and WMAP.

In this article, we are going to see how to perform vulnerability assessments of network and web applications by using Metasploit's built-in plug-ins. We will start with OpenVAS; before jumping into msfconsole, you have to install OpenVAS on your system. The installation process is given on BackTrack’s official website http://www.backtrack-linux.org/wiki/index.php/OpenVas. Just follow the steps. Now we move on to our topic: how to perform a vulnerability assessment via OpenVAS.

To run OpenVAS, type in load openvas in msfconsole and it will load the OpenVAS plug-in from its database.

Now type in openvas_help and it will show all usage commands for OpenVAS.

We have to connect our OpenVAS to its server by giving the command openvas_connect and it will show the full usage command, which is openvas_connect username password host port <ssl-confirm> for connecting to the server. In my case, the command is openvas_connect rohit toor localhost 9390 ok

As we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is openvas_target_create <scan name> <target IP> <any comments>. In the below figure, we can see my scan name is windows7, the target is 192.168.0.101 and the comment is new_scan, so the command is openvas_target_create "windows7" 192.168.0.101 "new_scan"

After creating the target, we want to see OpenVAS’s scan configuration list, so type in openvas_config_list.

OpenVAS has four types of scan configuration; we select one according to our requirements. Next type in openvas_target_list and it will show your created targets.

Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.

To create a task, the command is openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>

For example, in the above figure, we type in openvas_task_create windows7 new_scan 3 1

We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in openvas_task_start <taskID>. Here we are using openvas_task_start 0

As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in openvas_task_list and it shows that our scan status is running and progress is 1, meaning 1%.

Wait for some time and check the progress again.

The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1 and the status will show “Done.”

Our scan is completed now, so we can download the report; type in openvas_report_list and it will show all reports from its database.

There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.

After choosing the format, we can download the report by using this command: openvas_report_download <report id> <format id> <path for saving report> <report name>. Here we are using openvas_report_download 1 5 /root/Desktop report

OpenVAS has a bug in the report format: whenever I tried to download the PDF or XML formats, it gave a blank report, so I downloaded the report again in HTML format, and this format is working.
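A blank download like the one described above is easy to miss when reports are saved and filed without being opened. The following Python check is an added example, not part of the original article or of the Metasploit or OpenVAS code; the function names, the format labels and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET


def report_problem(path, fmt):
    """Return None if the report looks usable, else a reason (fmt: pdf/xml/html)."""
    if not os.path.isfile(path):
        return "missing file"
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.strip():
        return "empty file"
    if fmt == "pdf":
        # A complete PDF starts with a %PDF- header and ends with %%EOF.
        if not data.startswith(b"%PDF-") or b"%%EOF" not in data[-1024:]:
            return "not a complete PDF"
    elif fmt == "xml":
        try:
            root = ET.fromstring(data)
        except ET.ParseError:
            return "malformed XML"
        if len(root) == 0 and not (root.text or "").strip():
            return "XML has no content"
    elif fmt == "html":
        # Drop scripts, styles and tags; a blank report leaves no visible text.
        text = re.sub(rb"(?is)<(script|style)\b.*?</\1>", b"", data)
        if not re.sub(rb"(?s)<[^>]*>", b" ", text).strip():
            return "HTML has no visible text"
    return None


def demo():
    """Check constructed sample files (not real scanner output)."""
    samples = {
        "pdf": b"",                      # blank download
        "xml": b"<report></report>",     # parses, but carries nothing
        "html": b"<html><body><h1>Summary</h1><p>1 host</p></body></html>",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fmt, body in samples.items():
            path = os.path.join(tmp, "report")
            with open(path, "wb") as fh:
                fh.write(body)
            results[fmt] = report_problem(path, fmt)
    return results
```

Call report_problem() on each saved file right after the download step, and fall back to another format when it returns a reason instead of None.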

 


Warlock works as an Information Security Professional. He has quite a few global certifications to his name such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations to help them in strengthening the security of their applications and infrastructure.

10 responses to “Vulnerability scanning with Metasploit part I”

  1. Kerry says:

    Great step by step lesson! Very easy to follow along with.

  2. openvasfish says:

    Sorry.
    When I run the command, the error happened. I can’t figure out why.

    msf > openvas_connect openvas openvas localhost 9390 ok
    [*] Connecting to OpenVAS instance at localhost:9390 with username openvas…
    [-] Error while running command openvas_connect: OpenVAS OMP: Error in OMP request/response

    Call stack:
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:531:in `rescue in config_get_all’
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:518:in `config_get_all’
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:138:in `initialize’
    /opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `new’
    /opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `cmd_openvas_connect’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run’
    /opt/metasploit/apps/pro/msf3/msfconsole:148:in `’

    my openvas configuration
    openvas-adduser
    openvas-mkcert -f
    openvas-nvt-sync
    openvassd
    openvas-mkcert-client
    openvasmd --rebuild
    openvasad -c 'add_user' -n openvas -r Admin
    openvasmd -p 9390 -a 127.0.0.1
    openvasad -a 127.0.0.1 -p 9393
    gsad --http-only --listen=127.0.0.1 -p 9392

    • m3d says:

      Check the status of OpenVAS Manager.
      # service openvas-manager status | stop | start | restart
      Also run OpenVAS check-setup; it shows you which port uses OMP (default is 9390).

  3. openvasfish says:

    There must be something wrong.

    msf > openvas_connect openvas openvas localhost 9390 ok
    [*] Connecting to OpenVAS instance at localhost:9390 with username openvas…
    [-] Error while running command openvas_connect: OpenVAS OMP: Error in OMP request/response

    Call stack:
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:531:in `rescue in config_get_all’
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:518:in `config_get_all’
    /opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:138:in `initialize’
    /opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `new’
    /opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `cmd_openvas_connect’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single’
    /opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run’
    /opt/metasploit/apps/pro/msf3/msfconsole:148:in `’

    my configuration
    openvas-adduser
    openvas-mkcert -f
    openvas-nvt-sync
    openvassd
    openvas-mkcert-client
    openvasmd --rebuild
    openvasad -c 'add_user' -n openvas -r Admin
    openvasmd -p 9390 -a 127.0.0.1
    openvasad -a 127.0.0.1 -p 9393
    gsad --http-only --listen=127.0.0.1 -p 9392

  4. Rohit says:

    @openvasfish Sorry for the late response. Did you update your Metasploit? If not, first update it to the latest version. First remove the older version, then install a fresh one from here: https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version.

    • openvasfish says:

      thanks Rohit, it’s fixed.

      • Niel says:

        Sorry, could you tell how you fixed this issue?
        I have MSF installed from github, and updated. Ruby is v 2.1.0.
        I also get these errors, and am unable to resolve them.

        • indilo says:

          Have you ever set up and started openvas?

          I did this by typing:

          # openvas-setup
          # openvas-start

          I am using backtrack so I am not sure if it is required to do this as root

          • Niel says:

            Yes, I have it set up (openvas).
            Funny thing, I tried this a while ago (I believe msf v 4.3) where it worked, but now I get this error message (even today with latest msf version 4.10)

  5. Yemjohn says:

    The same problem is happening. Who can wipe my tears??
