Home
Forums
New posts
Search forums
What's new
New posts
New resources
New profile posts
Latest activity
Resources
Latest reviews
Search resources
Members
Current visitors
New profile posts
Search profile posts
Verified members
Awards
Advertising
Log in
Register
What's new
Search
Search
Search titles only
By:
Menu
Log in
Register
Install the app
Install
Details For Premium Membership ( 399$ )
TradexPro |
| BICRYPTO
With All Addons ( 149$ ) Version
4.6.8
👉👉 🔗BICRYPTO DEMO 👈👈
credentials:
Email:
[email protected]
Password: 12345678
Payment Method
TradexPro |
With All Addons ( 179$ ) Version
3.1.1
👉👉 🔗Demo: TradexPro- latest-version ( admin )👈👈
👉👉 🔗Demo: TradexPro- latest-version ( frontend )👈👈
credentials:
Email:
[email protected]
Password: 123456
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
New posts
Search forums
Home
Forums
Spamming
Scama/Letter
Official by Crax.cc
Vulnerability scanning with Metasploit part 1
Reply to thread
Message
<blockquote data-quote="Poison_tools" data-source="post: 880" data-attributes="member: 554"><p><h2><strong>Vulnerability scanning with Metasploit</strong></h2><p>In this article, we’ll look at how to perform vulnerability assessments of network and web applications using Metasploit’s built-in plugins. We’ll start with <a href="https://www.openvas.org/" target="_blank">OpenVAS </a>first; You need to install OpenVAS on your system before jumping into msfconsole. The installation process is listed on the official website of BackTrack <a href="http://www.backtrack-linux.org/wiki/index.php/OpenVas" target="_blank">http://www.backtrack-linux.org/wiki/index.php/OpenVas</a>. Follow the instructions. Now we come to our topic of how to perform a vulnerability assessment via OpenVAS.</p><p></p><p>To start OpenVAS, type load openvas in msfconsole and it will load and open the VAS plugin from its database.</p><p></p><p></p><p>Now type in <strong>openvas_help</strong> and it will show all usage commands for OpenVAS.</p><p></p><p>[ATTACH=full]399[/ATTACH]</p><p>We have to connect our OpenVAS to its server by giving the command <strong>openvas_connect</strong> and it will show the full usage command, which is <strong>openvas_connect username password host port <ssl-confirm></strong> for connecting to the server. In my case, the command is <strong>openvas_connect rohit toor localhost 9390 ok</strong></p><p></p><p></p><p>As can we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is <strong>openvas_target_create <scan name> <target IP> <any comments></strong> . In the below figure, we can see my scan name is windows7 , the target is 192.168.0.101 and the comment is new_scan , so the command is <strong>openvas_target_create “windows7” 192.168.0.101 “new_scan”</strong></p><p></p><p></p><p>After creating the target, we want to see the OpenVAS’s scan configuration list, so type in <strong>openvas_config_list</strong>.</p><p></p><p>OpenVAS has four types of scan configuration; we will select this as per requirement. Next type in <strong>openvas_target_list</strong> and it will show your created targets.</p><p></p><p>[ATTACH=full]398[/ATTACH]</p><p>Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.</p><p></p><p><img src="https://resources.infosecinstitute.com/wp-content/uploads/121113_2116_Vulnerabili7.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>To create a task, the command is <strong>openvas_task_create <scanname> <comment> <scanconfig ID> <targetID></strong></p><p></p><p>For example, in the above figure, we type in <strong>openvas_task_create windows7 new_scan 3 1</strong></p><p></p><p>We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in <strong>openvas_task_start <taskID>.</strong> Here we are using <strong>openvas_task_start 0</strong></p><p></p><p><img src="https://resources.infosecinstitute.com/wp-content/uploads/121113_2116_Vulnerabili8.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in <strong>open_vas_list</strong> and it shows that our scan status is running and progress is 1, meaning 1%.</p><p></p><p>Just wait for some time and again check the progress.</p><p>The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1. and the status will show “Done.”</p><p></p><p>Our scan is completed now, so we can download the report; type in <strong>openvas_report_list</strong> and it will show all reports from its database.</p><p></p><p>There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.</p><p></p><p>After choosing the format, we can download the report by using this command: <strong>openvas_report_download <report id> <format id> <path for saving report> <report name></strong>. Here we are using <strong>openvas_report_download 1 5 /root/Desktop report</strong></p><p></p><p>The OpenVAS has a bug in the report format: Whenever I tried to download PDF or XML formats, it gives blank report, so again I download the report in HTML format and this format is working</p></blockquote><p></p>
[QUOTE="Poison_tools, post: 880, member: 554"] [HEADING=1][B]Vulnerability scanning with Metasploit[/B][/HEADING] In this article, we’ll look at how to perform vulnerability assessments of network and web applications using Metasploit’s built-in plugins. We’ll start with [URL='https://www.openvas.org/']OpenVAS [/URL]first; You need to install OpenVAS on your system before jumping into msfconsole. The installation process is listed on the official website of BackTrack [URL]http://www.backtrack-linux.org/wiki/index.php/OpenVas[/URL]. Follow the instructions. Now we come to our topic of how to perform a vulnerability assessment via OpenVAS. To start OpenVAS, type load openvas in msfconsole and it will load and open the VAS plugin from its database. Now type in [B]openvas_help[/B] and it will show all usage commands for OpenVAS. [ATTACH type="full" alt="image-64.jpg"]399[/ATTACH] We have to connect our OpenVAS to its server by giving the command [B]openvas_connect[/B] and it will show the full usage command, which is [B]openvas_connect username password host port <ssl-confirm>[/B] for connecting to the server. In my case, the command is [B]openvas_connect rohit toor localhost 9390 ok[/B] As can we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is [B]openvas_target_create <scan name> <target IP> <any comments>[/B] . In the below figure, we can see my scan name is windows7 , the target is 192.168.0.101 and the comment is new_scan , so the command is [B]openvas_target_create “windows7” 192.168.0.101 “new_scan”[/B] After creating the target, we want to see the OpenVAS’s scan configuration list, so type in [B]openvas_config_list[/B]. OpenVAS has four types of scan configuration; we will select this as per requirement. Next type in [B]openvas_target_list[/B] and it will show your created targets. [ATTACH type="full" alt="image-68.jpg"]398[/ATTACH] Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine. [IMG]https://resources.infosecinstitute.com/wp-content/uploads/121113_2116_Vulnerabili7.png[/IMG] To create a task, the command is [B]openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>[/B] For example, in the above figure, we type in [B]openvas_task_create windows7 new_scan 3 1[/B] We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in [B]openvas_task_start <taskID>.[/B] Here we are using [B]openvas_task_start 0[/B] [IMG]https://resources.infosecinstitute.com/wp-content/uploads/121113_2116_Vulnerabili8.png[/IMG] As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in [B]open_vas_list[/B] and it shows that our scan status is running and progress is 1, meaning 1%. Just wait for some time and again check the progress. The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1. and the status will show “Done.” Our scan is completed now, so we can download the report; type in [B]openvas_report_list[/B] and it will show all reports from its database. There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats. After choosing the format, we can download the report by using this command: [B]openvas_report_download <report id> <format id> <path for saving report> <report name>[/B]. Here we are using [B]openvas_report_download 1 5 /root/Desktop report[/B] The OpenVAS has a bug in the report format: Whenever I tried to download PDF or XML formats, it gives blank report, so again I download the report in HTML format and this format is working [/QUOTE]
Verification
Post reply
Home
Forums
Spamming
Scama/Letter
Official by Crax.cc
Vulnerability scanning with Metasploit part 1
Top
