Metasploit The Penetration Tester's Guide Part 5

Metasploit Vulnerability Scan
A vulnerability is the one hole system can exploit to gain unauthorized access to sensitive data or inject malicious code. Metasploit, like all other security applications, has a vulnerability scanner available in the commercial version.

With the help of vulnerability scanners, you can do almost all the work with one application. This facility is not in the free version of Metasploit. If you are using the free version of Metasploit, then you will have to use the Nessus Vulnerability Scanner and then importing the results from there. Metasploit using Nexpose to perform the scan.

Let's see how to scan with NeXpose in Pro version of Metasploit.

First, add the Metasploit console to NeXpose WEB UI. To do this, go to: Administrasi → global Settings → NeXpose Console → Configure NeXpose Console.

Enter the IP of the server have installed NeXpose. Next, enter a port number, username and password. Select enable.

Next, click the button Netexpose → add the IP address of the host or network to scan → select Scan templates. This will start the scanning process.

To view the scan results, go to Analysis → Host.

Click here for Comments