Security

how to scan for vulnerabilities with Metasploit

A vulnerability is a security defect in a system that can be oppressed to obtain illegal access to sensitive information or inject malicious code. Metasploit, just like all the other security systems, comes with a vulnerability scanner in its professional edition. Metasploit is a valuable tool that could be used not just for exploitation but also for penetration testing and intrusion detection. The Metasploit framework has become a penetration testing tool that may be used to exploit and evaluate security flaws. It includes the essential infrastructure, information, and techniques for penetration testing and a comprehensive security assessment. When used correctly, this is a fantastic tool for a pen tester, although it is not without flaws. Vulnerability scanning is notable for its high rate of false positives and negatives. It is probably one of the best exploitation frameworks, and it is upgraded regularly, with new exploits being added as soon as they are released. Vulnerability scanning allows a penetration tester to quickly search a targeted IP range and known vulnerabilities, giving them an indication of which attacks are worth attempting.

As an ethical hacker, you will use the “Kali Distribution,” which includes the community edition of Metasploit and additional ethical hacking tools. However, if you wish to install Metasploit only as a distinct tool, you may do so simply on Linux, Windows, or Mac OS X platforms. We are using kali Linux in our tutorial.

Accessing Msfconsole

MSFconsole is a command-line interface for working with and accessing the Metasploit Framework. The MSFconsole is perhaps the most frequently used Metasploit Framework user interface. Scanning targets, exploiting vulnerabilities, and collecting data are all possible by using the console. You can access msfconsole by the execution of the following listed command.

> msfconsole

Now we are going to load the msfcrawler by using the following affixed command.

> use auxiliary/scanner/http/crawler

There will be no specific out for the above-listed command. Now you must check for RHOST that is a URL or IP address, such as localhost and RPORT, which is a port number you have to join. In our case, we have used port number 9000.

> set RHOST localhost
> set RPORT 9000

The output depicts the clear picture that both RHOST and the port number have been adjusted accordingly. Now the time comes that we have to run the relevant crawler. Utilize the below-appended instruction for this purpose.

> run

After getting done with crawling, the load wmap command makes loading the WMAP module straightforward, as shown in the affixed screenshot.

> load wmap

Now you have to use the -a flag preceded by the site address using wmap sites to add a site.

> wmap_sites -a localhost:9000

Using the -l parameter on wmap sites, we could now list the accessible sites. To execute the appended below command to get your work done:

> wmap_sites -l

Now we must include this website in our targets by the execution of appended below command.

> wmap_target -d 0

“0” reflects the id of the attached site mentioned in the above instruction. Next, we will use wmap targets to specify the precise target URL we want to scan. To display the defined targets, execute wmap targets with the -l argument.

> wmap_target -l

Let’s start running the wmap run with the -e flag, which will execute all of the modules rather than just one. The scanning can take a long time to complete depending on the target site and the number of enabled modules. The scan will indicate how long it would take to complete after it’s finished. To execute the cited below instruction in the terminal.

> wmap_run -e

There are components for directories testing, query testing, web application testing, and SSL testing; however, as our target does not use SSL, these modules are deactivated. After the scanning is complete, we may view the vulnerabilities that have been identified with the help of the listed command.

> vulns

WMAP might not produce as extensive data as other web vulnerability scanners, but this insight might be a valuable jumping-off point to explore different lines of attack. This scanner can be quickly loaded and utilized from inside the Metasploit Framework, which makes it a handy tool to learn how to use.

Conclusion

The Metasploit Framework is a collection of tools for testing security vulnerabilities, enumerating networks, executing attacks, and avoiding detection. We learned how to use the WMAP plugins to analyze a web application for vulnerabilities. I hope now you will get a lot of knowledge regarding vulnerability scanning using the Metasploit framework in Kali Linux.

About the author

Kalsoom Akhtar

Hello, I am a freelance writer and usually write for Linux and other technology related content