Network vulnerability assessment
Introduction
In this blog post, we will learn what vulnerability assessment is, how to perform one, and which tools to use.
What is Vulnerability Assessment?
Vulnerability assessment is the process we use to list and sort the vulnerabilities present in the target system. We then exploit the target system using the vulnerabilities and loopholes found in it.
How to do Vulnerability Assessment?
We can do a vulnerability assessment in two ways:
Manually: Using our previous findings on the target system.
Automated: Using a vulnerability assessment tool.
We have already discussed finding sensitive information about the target network using manual approaches. In this blog we will discuss automated network assessment tools and how to use them.
Nmap vulnerability scanning
As we have discussed, Nmap is a powerful tool. We can also use it to scan for vulnerabilities in the target system.
# nmap --script vulners -sV <TargetIP>
Or you can also specify particular ports to scan for vulnerabilities.
# nmap --script vulners -sV -p 21-443 <TargetIP>
If you want to run every script in Nmap's vuln category:
# nmap --script vuln <TargetIP>
It will run all of these scripts against the target and give valuable results…
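To turn the vulners scan above into a prioritised fix list, save it with -oX and rank the findings by CVSS. The following is an added example, not code from the original post: the sample XML is constructed, the nested table/elem layout of the script output is an assumption, and triage() is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap --script vulners -sV -oX scan.xml <TargetIP>` output.
# Layout of the nested <table>/<elem> nodes is assumed; all values are placeholders.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22">
    <script id="vulners" output="">
     <table key="cpe:/a:example:sshd:1.0">
      <table><elem key="id">EXAMPLE-0001</elem><elem key="cvss">9.8</elem><elem key="is_exploit">true</elem></table>
      <table><elem key="id">EXAMPLE-0002</elem><elem key="cvss">4.3</elem><elem key="is_exploit">false</elem></table>
     </table>
    </script>
   </port>
   <port protocol="tcp" portid="80">
    <script id="vulners" output="">
     <table key="cpe:/a:example:httpd:2.4">
      <table><elem key="id">EXAMPLE-0003</elem><elem key="cvss">7.5</elem><elem key="is_exploit">false</elem></table>
      <table><elem key="id">EXAMPLE-0004</elem><elem key="cvss">n/a</elem></table>
     </table>
    </script>
   </port>
  </ports>
 </host>
</nmaprun>"""

def triage(xml_text, min_cvss=7.0):
    """Return (cvss, host, port, cpe, id, is_exploit) tuples, highest score first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for cpe in port.findall("script[@id='vulners']/table"):
                for entry in cpe.findall("table"):
                    fields = {e.get("key"): (e.text or "") for e in entry.findall("elem")}
                    try:
                        score = float(fields.get("cvss", ""))
                    except ValueError:
                        continue  # no numeric score: cannot rank, skip
                    if score >= min_cvss:
                        findings.append((score, addr, int(port.get("portid")), cpe.get("key"),
                                         fields.get("id"), fields.get("is_exploit") == "true"))
    return sorted(findings, key=lambda f: f[0], reverse=True)

if __name__ == "__main__":
    for score, addr, port, cpe, vid, exploit in triage(SAMPLE_XML):
        print(f"{score:>4} {addr}:{port} {cpe} {vid} is_exploit={exploit}")
```

Lower min_cvss to widen the list; entries without a numeric score are skipped rather than ranked.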
Vulnerability Assessment Through Metasploit
Metasploit-framework is a powerful tool. We can also use it to perform a vulnerability assessment against the target.
Using openvas in metasploit
OpenVAS comes preconfigured in Parrot-OS; we can use it directly or integrate it with the Metasploit framework.
Set openvas credentials
# openvasmd --user=admin --new-password=password
Run msfconsole
# msfconsole
To use OpenVAS in msfconsole, you need to load the plugin first
msf5 > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS
List commands
msf5 > openvas_help
Connect openvas
msf5 > openvas_connect <openvas username> <openvas password> <host> <port> <ssl-confirm>
msf5 > openvas_connect admin password localhost 9900 ok
Register target to scan
msf5 > openvas_target_create "Dushman" 192.168.0.1 "Myscan"
Now check openvas config list
msf5 > openvas_config_list
Check target list
msf5 > openvas_target_list
And create a task
openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>
msf5 > openvas_task_create Dushman Myscan 3 1
And start task
openvas_task_start <taskID>
msf5 > openvas_task_start 0
To check task list and status
msf5 > openvas_task_list
After the scan completes, collect the report
msf5 > openvas_report_list
You can collect the report in many file formats
msf5 > openvas_format_list
The syntax to collect the report is below
openvas_report_download <report id> <format id> <path for saving report> <report name>
Let's collect the report in HTML.
msf5 > openvas_report_download 1 2 ~/Desktop dushman
It's done; check it on your desktop.
Using Nessus in Metasploit
Download the Nessus free trial software for Linux to see how it works, then follow its configuration setup.
Run msfconsole in your terminal
# msfconsole
msf5 > load nessus
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
msf5 > nessus_help
Now connect it with the localhost to start the scan.
nessus_connect <Your Username>:<Your Password>@localhost:8834 <ok>
To list nessus policies
msf5 > nessus_policy_list
It will show you
ID Name Comments
-- ---- ---------
2 Internal Network Scan
3 External Network Scan
Now scan target network
msf5 > nessus_scan_new <policy ID> <scan name> <Target IP>
msf5 > nessus_scan_new 2 Myscan 10.10.10.189
To check the scan status
msf5 > nessus_scan_status
It will automatically create a scan report. To check it:
msf5 > nessus_report_list
And collect your report
msf5 > nessus_report_get <report id>
You can also use Nessus directly; here I have just additionally shown how to integrate Nessus with Metasploit.
Conclusion
We have learned network VA from this blog post. You can also use the Nessus GUI on your localhost.