Metasploit - Vulnerability Scan

A vulnerability is a system hole that one can exploit to gain unauthorized access to sensitive data or inject malicious code. Metasploit, like other security applications, has a vulnerability scanner, which is available in its commercial version.

With the help of a vulnerability scanner, you can do nearly all the jobs with one application. This feature is not available in the free version of Metasploit. If you are using the free version of Metasploit, you will have to use Nessus Vulnerability Scanner and then import the results from there. Metasploit uses Nexpose to do the scan.

Let’s see how to scan with Nexpose in the Pro version of Metasploit.

First, add the Nexpose console to the Metasploit web UI. To do this, go to: Administration → Global Setting → Nexpose Console → Configure Nexpose Console.

Configure Nexpose Console

Enter the IP address of the server on which Nexpose is installed. Next, enter the port number, the username and the password. Select Enable.

Select Enable

Next, click the Nexpose button → add the IP address of the host or network to be scanned → select a scan template. This initiates the scanning process.

Click Nexpose

To view the scan result, go to Analysis → Host.