Vulnerability scanning with Metasploit


Hola!! As you are all aware, vulnerabilities can cost you dearly, and as a developer you don't want your website to have any (at least I don't 😛).
Testing your application for loopholes can be painful, so here is a quick demo of how to test your web application for these vulnerabilities.

We will use a well-known tool, Metasploit, which is easy to use as well as powerful.
We will use two of Metasploit's tools:

  1. msfcrawler
  2. wmap

First we need Metasploit on the machine. On Ubuntu, install its prerequisites with the command below:

> sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev

Or you can follow the instructions from here

Metasploit comes preinstalled on Kali Linux and BackTrack.

Now we are all set to test our application. Just follow these steps:

1. Start Metasploit

> msfconsole

2. Load the msfcrawler

> use auxiliary/scanner/http/crawler

3. Now set RHOST (URL/IP address, e.g. localhost) and RPORT (the port you want to connect to, e.g. 9000)

> set RHOST localhost

> set RPORT 9000

4. Run the crawler

> run

5. After the crawl finishes, load “wmap”

> load wmap

6. Now create the site in wmap

> wmap_sites -a localhost:9000

7. Now you can see your added sites with

> wmap_sites -l

8. Now add this site to our targets

> wmap_targets -d 0

Note: 0 is the id of the site

and we can see our selected targets with

> wmap_targets -l

9. Run the vulnerability scanner

> wmap_run -e

This can take a while, depending on the size of the site.

10. After the scan finishes, we can see the vulnerabilities, if any were found

> vulns

So you are done. This will show you codes, each representing a vulnerability, and once you know your weaknesses you can overcome them :).
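
The ten steps above as one non-interactive run, with a guard that refuses any target outside localhost and private address ranges, so the scan stays on an application you run yourself. This is an added example, not code from the original post; the function names, the scope rule and the `wmap-scan.log` default are assumptions.

```shell
#!/bin/sh
# Added example; function names and the default log name are assumptions.
# Accept only localhost, loopback and RFC 1918 dotted-decimal addresses.
in_scope() {
  case "$1" in
    localhost) return 0 ;;
    *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;  # not four numeric parts
    127.*.*.*|10.*.*.*|192.168.*.*) return 0 ;;
    172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
  esac
  return 1
}

# Accept only a decimal port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the resource script: build_rc HOST PORT LOGFILE
# Site id 0 assumes a workspace with no other wmap sites, as in step 8.
build_rc() {
  cat <<EOF
spool $3
use auxiliary/scanner/http/crawler
set RHOST $1
set RPORT $2
run
load wmap
wmap_sites -a $1:$2
wmap_targets -d 0
wmap_run -e
vulns
spool off
exit
EOF
}

# Validate the target, then run msfconsole: scan HOST PORT [LOGFILE]
scan() {
  in_scope "$1" || { echo "refusing out-of-scope host: $1" >&2; return 2; }
  valid_port "$2" || { echo "invalid port: $2" >&2; return 2; }
  rc=$(mktemp) || return 1
  build_rc "$1" "$2" "${3:-wmap-scan.log}" > "$rc"
  msfconsole -q -r "$rc"; status=$?   # -q: no banner, -r: resource script
  rm -f "$rc"; return "$status"
}

if [ "$#" -ge 2 ]; then scan "$@"; fi
```

Saved under a name of your choice and run with a host and port (for example `localhost 9000`), it leaves the console output, including the `vulns` listing, in the log file.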

Happy Coding.

Cheers.
