Metasploit Vulnerability Scanning Guide

The document outlines the process of vulnerability scanning using the Metasploit Framework, highlighting tools such as the SMB Login Check and VNC Authentication Check. It discusses the importance of understanding the limitations of vulnerability scanning, including high false positive and negative rates. Additionally, it introduces WMAP for web application scanning and provides steps for conducting scans with Nexpose and Nessus.

Uploaded by

Dagim Mengesha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

73 views10 pages

Metasploit Vulnerability Scanning Guide

Uploaded by

Dagim Mengesha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Lab 3

Vulnerability Scanning with Metasploit

Discovery Through Vulnerability Scanning

• Vulnerability scanning will allow you to quickly scan a target IP

range looking for known vulnerabilities, giving a penetration tester
a quick idea of what attacks might be worth conducting.
• When used properly, this is a great asset to a pen tester, yet it is
not without it’s draw backs. Vulnerability scanning is well known
for a high false positive and false negative rate. This has to be
kept in mind when working with any vulnerability scanning
software.
• Lets look through some of the vulnerability scanning capabilities
that the Metasploit Framework can provide.
SMB Login Check
• A common situation to find yourself in is being in possession of a
valid username and password combination, and wondering where
else you can use it. This is where the SMB Login Check Scanner
can be very useful, as it will connect to a range of hosts and
determine if the username/password combination can access the
target.
• Keep in mind that this is very “loud” as it will show up as a failed
login attempt in the event logs of every Windows box it touches.
• Be thoughtful on the network you are taking this action on. Any
successful results can be plugged into the windows/smb/psexec
exploit module (exactly like the standalone tool), which can be
used to create Meterpreter Sessions.
Cont.

• Usage
– use auxiliary/scanner/smb/smb_login
– set RHOSTS [Link]/24
– set SMBUser Bit
– set SMBPass 123456
– set THREADS 50
– run
VNC Authentication Check with the None Scanner

• The VNC(Virtual Network Computing) Authentication None

Scanner is an Auxiliary Module for Metasploit.
• This tool will search a range of IP addresses looking for targets
that are running a VNC Server without a password configured.
• Pretty well every administrator worth his/her salt sets a password
prior to allowing inbound connections but you never know when
you might catch a lucky break and a successful pen-test leaves
no stone unturned.
Cont.

• Usage
– use auxiliary/scanner/vnc/vnc_none_auth
– set RHOSTS [Link]/24
– set THREADS 50
– run
Vulnerability Scanning with WMAP
• WMAP is a feature-rich web application vulnerability scanner.
• This tool is integrated with Metasploit and allows us to conduct
web application scanning from within the Metasploit Framework.
• We begin by first creating a new database to store our WMAP
scan results in, load the wmap plugin, and run help to see what
new commands are available to us.
– load wmap
– help
Cont.

• Prior to running a web app scan, we first need to add a

new target URL by passing the -a switch to wmap_sites.
Afterwards, running wmap_sites -l will print out the
available targets.
– wmap_sites -a [Link]
– wmap_sites -l
• Next, we add the site as a target with wmap_targets.
– wmap_targets -t [Link]
[Link]
Cont.
• Using the wmap_run command will scan the target system
– wmap_run -t
– wmap_run -e
• we can see that WMAP has reported one vulnerability. Running vulns
will list the details for us.
– vulns
• Because of our vulnerability scanning with WMAP, we can now use
these results to gather further information on the reported vulnerability.
• As pentesters, we would want to investigate each finding further and
identify if there are potential methods for attack.
Lab report(from 6 point in group)

• Show necessary step how to scan vulnerability using

nexpose
• Show necessary step how to scan vulnerability using
nessus

Log4j Exploitation in Penetration Testing
No ratings yet
Log4j Exploitation in Penetration Testing
25 pages
Metasploit Pro v4.11
No ratings yet
Metasploit Pro v4.11
188 pages
Ethical Hacking: Vulnerability Analysis Guide
No ratings yet
Ethical Hacking: Vulnerability Analysis Guide
11 pages
Penetration Testing Tools Overview
No ratings yet
Penetration Testing Tools Overview
39 pages
Metasploit Vulnerability Scanning Guide
No ratings yet
Metasploit Vulnerability Scanning Guide
12 pages
Vulnerability Scanning Lab with Nessus
No ratings yet
Vulnerability Scanning Lab with Nessus
5 pages
Network Testing with Metasploit
No ratings yet
Network Testing with Metasploit
3 pages
Nessus Vulnerability Scanning Lab
No ratings yet
Nessus Vulnerability Scanning Lab
37 pages
Nessus Vulnerability Scanning Lab Guide
No ratings yet
Nessus Vulnerability Scanning Lab Guide
32 pages
Metasploit Information Gathering Techniques
No ratings yet
Metasploit Information Gathering Techniques
24 pages
First Steps in Network Vulnerability Scanning
No ratings yet
First Steps in Network Vulnerability Scanning
5 pages
Metasploit Network Scanning Guide
No ratings yet
Metasploit Network Scanning Guide
16 pages
Vulnerability Assessment & Exploitation Lab
No ratings yet
Vulnerability Assessment & Exploitation Lab
10 pages
Vulnerability Scanning with SPARTA and Metasploit
No ratings yet
Vulnerability Scanning with SPARTA and Metasploit
5 pages
Aia2 IT21270024
No ratings yet
Aia2 IT21270024
17 pages
VAPT Training: Lab Setup & Tools Guide
No ratings yet
VAPT Training: Lab Setup & Tools Guide
34 pages
Vulnerability Research and Assessment Guide
No ratings yet
Vulnerability Research and Assessment Guide
26 pages
VAPT Report: Exploiting 'Optimum' Machine
No ratings yet
VAPT Report: Exploiting 'Optimum' Machine
11 pages
DVWA Command Injection Exploitation Guide
No ratings yet
DVWA Command Injection Exploitation Guide
16 pages
GVM 6.1.8 Lab: Vulnerability Scanning & Exploitation
No ratings yet
GVM 6.1.8 Lab: Vulnerability Scanning & Exploitation
5 pages
Understanding Penetration Testing Basics
No ratings yet
Understanding Penetration Testing Basics
15 pages
Vulnerability Analysis in Simulation Lab
No ratings yet
Vulnerability Analysis in Simulation Lab
7 pages
Network Vulnerability Scanning Overview
No ratings yet
Network Vulnerability Scanning Overview
14 pages
Metasploit Database Management Guide
No ratings yet
Metasploit Database Management Guide
33 pages
Network Scanning and Spoofing Lab Guide
No ratings yet
Network Scanning and Spoofing Lab Guide
19 pages
Vulnerability Scanning Techniques
No ratings yet
Vulnerability Scanning Techniques
11 pages
Cyber Security Fundamentals and Scanning
No ratings yet
Cyber Security Fundamentals and Scanning
35 pages
GVM Vulnerability Scanner Lab Guide
No ratings yet
GVM Vulnerability Scanner Lab Guide
12 pages
Real-Time Traffic & Port Analysis Tools
No ratings yet
Real-Time Traffic & Port Analysis Tools
63 pages
Nessus Vulnerability Assessment Guide
100% (1)
Nessus Vulnerability Assessment Guide
18 pages
Penetration Testing: Audit Essentials
No ratings yet
Penetration Testing: Audit Essentials
32 pages
CS 315 Lab: Scanning & Reconnaissance
No ratings yet
CS 315 Lab: Scanning & Reconnaissance
9 pages
Penetration Testing Tools Cheat Sheet
100% (1)
Penetration Testing Tools Cheat Sheet
35 pages
Penetration Testing Lab Guide CST630
No ratings yet
Penetration Testing Lab Guide CST630
54 pages
Nmap: Essential Tool for Vulnerability Scanning
No ratings yet
Nmap: Essential Tool for Vulnerability Scanning
5 pages
Metasploit Penetration Testing Guide
100% (3)
Metasploit Penetration Testing Guide
43 pages
Penetration Testing with Metasploitable 2
No ratings yet
Penetration Testing with Metasploitable 2
9 pages
TryHackMe Relevant Pentest Report
No ratings yet
TryHackMe Relevant Pentest Report
22 pages
Penetration Testing Lab Setup Guide
No ratings yet
Penetration Testing Lab Setup Guide
4 pages
Overview of Vulnerability Scanners
No ratings yet
Overview of Vulnerability Scanners
46 pages
Cybersecurity for IT Students
No ratings yet
Cybersecurity for IT Students
65 pages
Penetration Testing Tools Overview
No ratings yet
Penetration Testing Tools Overview
51 pages
Linux Penetration Testing with Metasploit
No ratings yet
Linux Penetration Testing with Metasploit
5 pages
Network Penetration Testing Guide
No ratings yet
Network Penetration Testing Guide
23 pages
Ethical Hacking: Scanning Techniques
No ratings yet
Ethical Hacking: Scanning Techniques
25 pages
Nessus Network and Web Scanning Guide
No ratings yet
Nessus Network and Web Scanning Guide
16 pages
Nessus Malware Scan Overview
No ratings yet
Nessus Malware Scan Overview
19 pages
OpenVAS Penetration Testing Lab Guide
No ratings yet
OpenVAS Penetration Testing Lab Guide
14 pages
Penetration Testing Report for DSU
No ratings yet
Penetration Testing Report for DSU
20 pages
VAPT Lab Manual: Network Traffic Monitoring
No ratings yet
VAPT Lab Manual: Network Traffic Monitoring
21 pages
AIA Final Exam Study Guide
100% (1)
AIA Final Exam Study Guide
4 pages
AWS Penetration Testing Overview
No ratings yet
AWS Penetration Testing Overview
21 pages
Metasploit Framework Overview and Setup
100% (1)
Metasploit Framework Overview and Setup
81 pages
Metasploit Framework Overview and Setup
No ratings yet
Metasploit Framework Overview and Setup
81 pages
OpenVAS and Nmap Vulnerability Scanning
No ratings yet
OpenVAS and Nmap Vulnerability Scanning
12 pages
Web Vulnerability Testing with OWASP ZAP
No ratings yet
Web Vulnerability Testing with OWASP ZAP
42 pages
It20153540 - Aia 2
No ratings yet
It20153540 - Aia 2
15 pages
Comprehensive Guide to Hacking Steps
No ratings yet
Comprehensive Guide to Hacking Steps
29 pages
Configuration Testing for Web Security
No ratings yet
Configuration Testing for Web Security
8 pages
Complexity Theory Course Guide
No ratings yet
Complexity Theory Course Guide
2 pages
Computability and Recursive Functions
No ratings yet
Computability and Recursive Functions
135 pages
Internet Programming I: Overview & History
No ratings yet
Internet Programming I: Overview & History
60 pages
TCP/IP and OSI Layered Models Overview
No ratings yet
TCP/IP and OSI Layered Models Overview
97 pages
Understanding Threads in Operating Systems
No ratings yet
Understanding Threads in Operating Systems
12 pages
HTML Web Page Development Guide
No ratings yet
HTML Web Page Development Guide
65 pages
Research Report Writing Guide
No ratings yet
Research Report Writing Guide
32 pages
HTML Basics for Web Development
No ratings yet
HTML Basics for Web Development
32 pages
Understanding Rational Numbers in Grade 8
No ratings yet
Understanding Rational Numbers in Grade 8
41 pages
Epson 658017 Eu
No ratings yet
Epson 658017 Eu
127 pages
Serial Port Programming with PIC 18F
No ratings yet
Serial Port Programming with PIC 18F
14 pages
Microsoft Azure Cloud Services Overview
No ratings yet
Microsoft Azure Cloud Services Overview
16 pages
Understanding Agile Team Dynamics
No ratings yet
Understanding Agile Team Dynamics
3 pages
Cisco ASR 1004 Router Datasheet
No ratings yet
Cisco ASR 1004 Router Datasheet
4 pages
Datasheet Dpsi1 Aug22
No ratings yet
Datasheet Dpsi1 Aug22
2 pages
Free DP-100 Qns For Microsoft DP-100 Exam
100% (1)
Free DP-100 Qns For Microsoft DP-100 Exam
9 pages
Machine Learning Concepts and Techniques
No ratings yet
Machine Learning Concepts and Techniques
2 pages
Bioinformatics: Key Concepts and Applications
No ratings yet
Bioinformatics: Key Concepts and Applications
55 pages
EAP Level 1: Unit 3A Bag Vocabulary
No ratings yet
EAP Level 1: Unit 3A Bag Vocabulary
35 pages
IoT Heart Rate Monitoring with MAX30100
No ratings yet
IoT Heart Rate Monitoring with MAX30100
17 pages
ESP32 DevKitC Module Connections Guide
No ratings yet
ESP32 DevKitC Module Connections Guide
1 page
WoodCam Software: Variable Processing Guide
No ratings yet
WoodCam Software: Variable Processing Guide
1 page
Controlling Small Electric Motor Speed
No ratings yet
Controlling Small Electric Motor Speed
20 pages
Work Related Learning Report: Internship Insights
No ratings yet
Work Related Learning Report: Internship Insights
34 pages
Sensor Brochure Collection Project Report
No ratings yet
Sensor Brochure Collection Project Report
14 pages
Advanced HF Software Defined Radio
No ratings yet
Advanced HF Software Defined Radio
2 pages
Microservices Architecture Patterns Explained
No ratings yet
Microservices Architecture Patterns Explained
25 pages
Public Domain Book Usage Guidelines
No ratings yet
Public Domain Book Usage Guidelines
207 pages
CMake Configuration for Carla 2.6.0
No ratings yet
CMake Configuration for Carla 2.6.0
29 pages
DC-40 Crystal Ultrasound Overview
No ratings yet
DC-40 Crystal Ultrasound Overview
2 pages
Unscrambling "Janeto" in Context
No ratings yet
Unscrambling "Janeto" in Context
43 pages
Dynatrace Performance Testing Strategies
No ratings yet
Dynatrace Performance Testing Strategies
52 pages
Medicaps B12 TMU Schedule Overview
No ratings yet
Medicaps B12 TMU Schedule Overview
1 page
Active Directory Attack & Defense Toolkit
No ratings yet
Active Directory Attack & Defense Toolkit
11 pages
LCD Module QD241801 Specifications
No ratings yet
LCD Module QD241801 Specifications
14 pages
AutoCAD Commands and Functions Guide
No ratings yet
AutoCAD Commands and Functions Guide
3 pages
XE Series Elliptical Owner's Manual
No ratings yet
XE Series Elliptical Owner's Manual
16 pages
Four Levers of Platform Leadership
No ratings yet
Four Levers of Platform Leadership
17 pages