Vulnerability scanning with Metasploit
In this article, we’ll look at how to perform vulnerability assessments of network and web applications using Metasploit’s built-in plugins. We’ll start with OpenVAS. You need to install OpenVAS on your system before jumping into msfconsole; the installation process is described on the official BackTrack website at http://www.backtrack-linux.org/wiki/index.php/OpenVas. Follow the instructions there.
Now we come to our topic: how to perform a vulnerability assessment via OpenVAS. To start, type load openvas in msfconsole and it will load the OpenVAS plugin.
Now type in openvas_help and it will show all usage commands for OpenVAS.
Next, we have to connect the plugin to the OpenVAS server. Typing openvas_connect on its own shows the full usage, which is openvas_connect username password host port <ssl-confirm>. In my case, the command is openvas_connect rohit toor localhost 9390 ok
As we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is openvas_target_create <scan name> <target IP> <any comments>. In the below figure, we can see my scan name is windows7, the target is 192.168.0.101 and the comment is new_scan, so the command is openvas_target_create "windows7" 192.168.0.101 "new_scan"
After creating the target, we want to see the OpenVAS scan configuration list, so type in openvas_config_list.
OpenVAS has four types of scan configuration; select one according to your requirements. Next, type in openvas_target_list and it will show the targets you have created.
Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.
To create a task, the command is openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>
For example, in the above figure, we type in openvas_task_create windows7 new_scan 3 1
We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in openvas_task_start <taskID>. Here we are using openvas_task_start 0
As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in openvas_task_list; it shows that our scan status is running and progress is 1, meaning 1%.
Just wait for some time and again check the progress.
The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1 and the status will show “Done.”
Our scan is completed now, so we can download the report; type in openvas_report_list and it will show all reports from its database.
There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.
After choosing the format, we can download the report by using this command: openvas_report_download <report id> <format id> <path for saving report> <report name>. Here we are using openvas_report_download 1 5 /root/Desktop report
OpenVAS has a bug in the report format: whenever I tried to download the PDF or XML format, it gave a blank report, so I downloaded the report again in HTML format, and that format works.
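A check for the blank-report problem described above, as an added example that is not part of the original article or of the OpenVAS plugin: it classifies a file saved by openvas_report_download as ok, blank or malformed, so an empty PDF or XML report is caught before anyone relies on it. The function name check_report, the format labels html/xml/pdf and the definition of "blank" (an empty file, or a document with no visible content) are assumptions made for this example.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path


def check_report(data: bytes, fmt: str) -> str:
    """Classify report bytes as 'ok', 'blank' or 'malformed'.

    fmt is 'html', 'xml' or 'pdf': labels chosen for this example,
    not the format IDs printed by openvas_format_list.
    """
    if not data.strip():
        return "blank"  # zero bytes, or whitespace only
    if fmt == "pdf":
        # Structural check only: %PDF- header and %%EOF trailer present.
        # It cannot tell whether the rendered pages themselves are empty.
        if not data.lstrip().startswith(b"%PDF-"):
            return "malformed"
        return "ok" if b"%%EOF" in data[-1024:] else "malformed"
    if fmt == "xml":
        try:
            root = ET.fromstring(data)
        except ET.ParseError:
            return "malformed"
        # Assumption: a root with no children and no text holds no results.
        has_content = len(root) > 0 or bool((root.text or "").strip())
        return "ok" if has_content else "blank"
    if fmt == "html":
        text = data.decode("utf-8", errors="replace")
        # Remove script/style bodies, then all tags; the rest is visible text.
        text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", text)
        text = re.sub(r"(?s)<[^>]+>", " ", text)
        return "ok" if text.strip() else "blank"
    raise ValueError(f"unsupported format: {fmt}")


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_report.py <html|xml|pdf> <file> [<file> ...]")
    fmt = sys.argv[1]
    results = {p: check_report(Path(p).read_bytes(), fmt) for p in sys.argv[2:]}
    for path, verdict in results.items():
        print(f"{path}: {verdict}")
    sys.exit(0 if all(v == "ok" for v in results.values()) else 1)
```

The script exits non-zero when any file is blank or malformed, so it can gate a later step that archives or forwards the report.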