Vulnerability scanning with metasploit

Hola!! As you all aware of that┬ávulnerabilities can cost you much more and as a developer you don’t need your website to have┬ávulnerabilities (at least I am ­čśŤ ).
And for testing for loopholes in your application can be painful, So here I am to show you a quick demo on how to test your web application for these vulnerabilities.

So we will use a known tool that is Metasploit, this is easy as well as powerful.
We will use two tools of metasploit

  1. msfcrawler
  2. wmap

Firstly we need to have metasploit on your machine, to do that follow below commands for ubuntu

> sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev

 

Or you can follow the instructions from here

Metasploit comes pre-loaded with linux kali and Backtrack OS.

So now we all are set to test our application,  just follow these commands

1. Start metasploit

> msfconsole

msfconsole

 

 

2. Load the msfcrawler

> use auxiliary/scanner/http/crawler

useCrawler

 

 

3. So now you have to ser RHOST (url/IP address eg. localhost) and RPORT (port in whch you want to connect eg. 9000)

> set RHOST localhost

> set RPORT 9000

rhost

 

 

 

4. Run the crawler

> run

runCrawler

5. ┬áAfter finishing crawling we have to load the “wmap”

> load wmap

loadWmap

6. Now we have to create site in wmap

> wmap_sites -a localhost:9000

7. Now you can see your added sites by

> wmap_sites -l

wmapSiteL

8. Now we have to add this site in to our targets

> wmap_target -d 0

Note:- 0 is this id of the site

and we can see our selected targets by

> wmap_target -l

targets

9. Run the vulnerability scanner

> wmap_run -e

This can take a while depending on the size of the site

wmap-e

10 .  After scanning finished we can see the vulnerabilities if we found any

> vulns

Untitled Diagram

So you are done, this will show you codes each representing a vulnerability, and if you know your weaknesses and you can overcome them :).

Happy Coding.

Cheers.

References :-

  1. http://www.metasploit.com/
  2. https://www.offensive-security.com/

3 thoughts on “Vulnerability scanning with metasploit

Leave a Reply

%d bloggers like this: