Vulnerability scanning with Metasploit part I

April 10, 2018 by

Metasploit Framework, the Metasploit Project's best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system. It was originally created as a portable network tool in 2003 by HD Moore. It is one of the most popular penetration testing tools among all security researchers and hackers. Apart from penetration testing, this tool also performs a very good vulnerability assessment in network and web applications. It has built-in plug-ins for some famous vulnerability scanners, such as Nessus, Nexpose, OpenVAS, and WMAP.

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

In this article, we are going to see how to perform vulnerability assessments of network and web applications by using Metasploit built-in plug-ins. First we will start with OpenVAS; before jumping into msfconsole, you have to install OpenVAS in your system. The installation process is given on BackTrack's official website http://www.backtrack-linux.org/wiki/index.php/OpenVas. Just follow the steps. Now we are moving into our topic, how to perform a vulnerability assessment via OpenVAS.

To run OpenVAS, type in load openvas in msfconsole and it will load and open the VAS plug-in from its database.

Now type in openvas_help and it will show all usage commands for OpenVAS.

We have to connect our OpenVAS to its server by giving the command openvas_connect and it will show the full usage command, which is openvas_connect username password host port <ssl-confirm> for connecting to the server. In my case, the command is openvas_connect rohit toor localhost 9390 ok

As can we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is openvas_target_create <scan name> <target IP> <any comments> . In the below figure, we can see my scan name is windows7 , the target is and the comment is new_scan , so the command is openvas_target_create "windows7" "new_scan"

After creating the target, we want to see the OpenVAS's scan configuration list, so type in openvas_config_list.

OpenVAS has four types of scan configuration; we will select this as per requirement. Next type in openvas_target_list and it will show your created targets.

Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.

To create a task, the command is openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>

For example, in the above figure, we type in openvas_task_create windows7 new_scan 3 1

We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in openvas_task_start <taskID>. Here we are using openvas_task_start 0

As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in open_vas_list and it shows that our scan status is running and progress is 1, meaning 1%.

Just wait for some time and again check the progress.

The progress is now 80%, which means it's almost complete. When the scan is complete, the progress will show -1. and the status will show "Done."

Our scan is completed now, so we can download the report; type in openvas_report_list and it will show all reports from its database.

Become a Certified Ethical Hacker, guaranteed!

Become a Certified Ethical Hacker, guaranteed!

Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.

There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.

After choosing the format, we can download the report by using this command: openvas_report_download <report id> <format id> <path for saving report> <report name>. Here we are using openvas_report_download 1 5 /root/Desktop report

The OpenVAS has a bug in the report format: Whenever I tried to download PDF or XML formats, it gives blank report, so again I download the report in HTML format and this format is working



Warlock works as a Information Security Professional. He has quite a few global certifications to his name such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations to help them in strengthening the security of their applications and infrastructure.