Metasploit - Vulnerability Validation

We will learn how to validate the vulnerabilities found by vulnerability scanners such as Nexpose. This process is also known as vulnerability analysis.
As shown in the following screenshot, a vulnerability scanner can sometimes give you hundreds of vulnerabilities. In such a case, it can be quite time-consuming to validate each and every vulnerability.
[Screenshot: Vulnerability Analysis]
Metasploit Pro has a feature called Vulnerability Validation that saves time by validating the vulnerabilities automatically and giving you an overview of the most crucial vulnerabilities, the ones that can be very harmful to your system. It also has an option to classify the vulnerabilities according to their severity.
Let’s see how you can use this option. Open the Metasploit Pro Web Console → Project → Vulnerability Validation.
[Screenshot: Vulnerability Validation]
Next, enter the Project Name and provide a simple description of the project. Then, click the Start button.
[Screenshot: Click Start Button]
Click "Pull from Nexpose". Select "Import existing Nexpose vulnerability data" as shown in the following screenshot.
[Screenshot: Pull from Nexpose]
Click Tag → Automatically Tag by OS. It will separate the vulnerabilities for you.
[Screenshot: Click Tag]
Next, go to Exploit → Sessions and check the option "Clean up sessions when done". Checking a vulnerability involves interaction between the Metasploit machine and the vulnerable machine, so this option cleans up the resulting sessions when the check is done.
[Screenshot: Check vulnerability]
Click Generate Report → Start.
[Screenshot: Click Generate Report]
Next, you will see a Validation Wizard. Here, you need to click the Push validations button.
[Screenshot: Push validations]
After all the listed vulnerabilities have been tested, you will see the following screen.
[Screenshot: Vulnerabilities Tested]
To see the results of the tested vulnerabilities, go to Home → Project Name → Vulnerabilities.
[Screenshot: Vulnerabilities Result]
