Running NeXpose from the web GUI is great for fine-tuning vulnerability
scans and generating reports.
But if you prefer to remain in msfconsole, you can still run full
vulnerability scans with the NeXpose plug-in included in Metasploit.
First of all, delete any existing database with db_destroy, create a
new database in Metasploit with db_connect, and then load the NeXpose
plug-in with load nexpose:
msf > db_destroy postgres:toor@127.0.0.1/msf3
[*] Warning: You will need to enter the password at the prompts below
Password:
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > load nexpose
[*] NeXpose integration has been activated
[*] Successfully loaded plugin: nexpose
Before running your first scan from msfconsole, you will need to
connect to your NeXpose installation. Enter nexpose_connect -h to
display the usage required to connect; add your username, password, and
host address; and accept the SSL certificate warning by adding ok to
the end of the connect string:
msf > nexpose_connect -h
[*] Usage:
[*] nexpose_connect username:password@host[:port] <ssl-confirm>
[*] -OR-
[*] nexpose_connect username password host port <ssl-confirm>
msf > nexpose_connect user:password@192.168.1.2 ok
[*] Connecting to NeXpose instance at 192.168.1.2:3780 with username user...
Now enter nexpose_scan followed by the target IP address to initiate a
scan:
msf > nexpose_scan 192.168.1.2
[*] Scanning 1 addresses with template pentest-audit in sets of 32
[*] Completed the scan of 1 addresses
msf >
After the NeXpose scan completes, the database you created earlier
should contain the results of the vulnerability scan. To view the
results, enter db_hosts:
msf > db_hosts -c address
Hosts
=====
address      Svcs  Vulns  Workspace
-------      ----  -----  ---------
192.168.1.2  5     8      default
msf >
As you can see, NeXpose has discovered seven vulnerabilities.
Run db_vulns to display the vulnerabilities found:
msf > db_vulns
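
The db_destroy, db_connect and nexpose_connect commands above all carry a password on the command line, so a saved console transcript holds those credentials in clear text. The following is an added example, not part of the original page or of Metasploit: it masks the password in both nexpose_connect usage forms and in the database commands before a transcript is shared. The function names, the mask string and the sample transcript (built from this page's commands, plus one constructed five-argument line) are assumptions.

```python
import re

MASK = "********"
# Form 1: <cmd> user:password@host[:port][/db]; the password ends at the LAST '@'.
URI_FORM = re.compile(
    r"(?P<head>\b(?:db_connect|db_destroy|nexpose_connect)\s+[^\s:@]+:)"
    r"(?P<pw>\S+)(?P<tail>@\S+)")
# Form 2: nexpose_connect username password host port <ssl-confirm>
ARG_FORM = re.compile(
    r"(?P<head>\bnexpose_connect\s+[^\s:@]+\s+)(?P<pw>\S+)(?P<tail>\s+\S+\s+\d+\b)")

def redact_line(line):
    """Mask the password in one transcript line; return (new_line, changed)."""
    if line.lstrip().startswith("["):   # console status output, e.g. "[*] Usage:"
        return line, False
    for pattern in (URI_FORM, ARG_FORM):
        new, count = pattern.subn(lambda m: m["head"] + MASK + m["tail"], line)
        if count:
            return new, True
    return line, False

def redact_transcript(text):
    """Return (redacted_text, 1-based numbers of the lines that were changed)."""
    out, hits = [], []
    for number, line in enumerate(text.splitlines(), 1):
        new, changed = redact_line(line)
        out.append(new)
        if changed:
            hits.append(number)
    return "\n".join(out), hits

# Constructed sample transcript; line 6 uses a made-up password containing '@' and ':'.
SAMPLE = """\
msf > db_destroy postgres:toor@127.0.0.1/msf3
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > nexpose_connect -h
[*] nexpose_connect username:password@host[:port] <ssl-confirm>
msf > nexpose_connect user:password@192.168.1.2 ok
msf > nexpose_connect user p@ss:word 192.168.1.2 3780 ok
msf > nexpose_scan 192.168.1.2
"""

if __name__ == "__main__":
    redacted, changed_lines = redact_transcript(SAMPLE)
    print(redacted)
    print("redacted lines:", changed_lines)
```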