Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux

The Metasploit framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinely updated; new exploits are included as soon as they are announced. It can be easily altered and used with most operating systems because it is an open-source framework.

Accessing Msfconsole

The Metasploit Framework can be accessed via the Kali Whisker Menu or by typing the following command directly into the terminal.

msfconsole


Nmap

Nmap, or network mapper, is an open-source program for scanning and finding network vulnerabilities. Pentesters and other security experts use Nmap to find devices operating on their networks. It also exposes possible dangers by displaying the services and ports of each host machine.

Nmap is highly adaptable, allowing it to monitor everything from a single host system to a large network with over a hundred devices. Nmap’s core features a port-scanning utility that collects data by sending packets to a host system. Nmap gathers packet responses and determines if a port is closed, open, or filtered.


Performing a basic Nmap Scan

Nmap can scan and discover a single IP address, a range of IP addresses, a DNS name, or a list of targets read from a text file. We will demonstrate how to use Nmap to perform a basic scan using the localhost IP address.

Step 1: To view your localhost IP address, run the following command in the terminal. Your IP address is displayed as inet xx.x.x.xx under eth0; in our case it is 10.0.2.15, as shown below.

ifconfig


Step 2: Take note of this IP address and enter the command below into the terminal. It returns a result after scanning the default set of 1000 ports on the localhost machine.

sudo nmap 10.0.2.15


Step 3: Analyze the results.

Scanning “scanme” with Nmap

Nmap can scan the Nmap “scanme” domain and display all open, closed, and filtered ports. It also displays the encryption algorithms linked to those ports.

Step 1: Open a terminal window and type the following command.

nmap -v -A scanme.nmap.org


Step 2: Examine the outcomes. In the terminal output, look for the PORT, STATE, SERVICE, and VERSION columns. You will notice the open ssh port as well as the operating system details. The ssh-hostkey script output and the key algorithms it reports are shown below.

Steps to use Metasploit and Nmap to Scan for Vulnerabilities

Step 1: To begin, we launch Metasploit and activate the port scanner module.

use auxiliary/scanner/portscan/tcp


Step 2: Then we use show options to display the settings this module accepts, so we know what to configure.

show options


Step 3: We configure RHOSTS with the IP address(es) of our target machine(s), and if we want we can restrict the scan to certain ports by setting PORTS.

set RHOSTS 192.168.56.103

set PORTS 22,25,80,110,21


Step 4: Set the number of scanning threads and run the module. Following the scan, we will receive an output indicating the open ports on the previously defined target machine.

set THREADS 3

run


Step 5: Once we’ve established a clear picture of the available ports, we can begin enumerating them in order to observe and locate the operating services, as well as their versions.

db_nmap -sV -p 25,80,22 192.168.56.103


Step 6: Once we've identified the open ports and the services running on them, we extend the scan to collect detailed version numbers for each service on each port. With those versions in hand, we can try different auxiliary modules in Metasploit to uncover potential vulnerabilities.

db_nmap -sV -A -p 25,80,22 192.168.56.103


Step 7: Analyze all the results.
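Analysing the results (Step 3 of the basic scan and Step 7 above) is easier when the scan is saved as XML (nmap -oX report.xml ...) and summarised by a script rather than read off the terminal. The following is an added example, not code from this article or from the Nmap or Metasploit projects. It parses a constructed Nmap XML report, counts ports per state (open, closed, filtered, as described in the Nmap section), lists open ports with the service version Nmap attached to them, and compares the open ports against an allow-list of ports that are supposed to be exposed on each host. The host address 192.0.2.10, the ports and the version strings are made up for illustration; the allow-list in the usage block is likewise an assumption.

```python
"""Summarise an Nmap XML report and flag open ports that are not on an
expected baseline.  Added example; the XML is a constructed sample in the
shape written by `nmap -sV -oX report.xml <target>`."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (abridged to the elements the parser uses).
# The address, ports and versions are invented for this example.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -p 21,22,25,80,110 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="closed" reason="reset"/><service name="ftp" method="table"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1" method="probed"/></port>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/><service name="smtp" method="table"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.4.52" method="probed"/></port>
      <port protocol="tcp" portid="110"><state state="open" reason="syn-ack"/><service name="pop3" method="table"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one record per scanned port: host, port, protocol, state and
    the service name/version Nmap attached to it."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        # A host may carry several <address> elements (e.g. MAC); take the IP one.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), "?")
        for port in host.iter("port"):
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": get("name"),
                "product": get("product"),
                "version": get("version"),
                # "probed": confirmed by -sV banner probes; "table": name merely
                # guessed from the port number, so treat it as unverified.
                "method": get("method"),
            })
    return records


def state_counts(records):
    """Number of ports per Nmap state (open / closed / filtered ...)."""
    return dict(Counter(r["state"] for r in records))


def describe_service(r):
    """Service label that makes clear whether the name was actually verified."""
    if r["method"] == "probed" and r["product"]:
        detail = " ".join(x for x in (r["product"], r["version"]) if x)
        return f'{r["service"]} ({detail})'
    return f'{r["service"]} (unverified, guessed from port number)'


def open_ports(records):
    """(port, description) for every port Nmap reports as open."""
    return [(r["port"], describe_service(r)) for r in records if r["state"] == "open"]


def unexpected_open(records, baseline):
    """Open ports not in the per-host allow-list `baseline` (host -> set of ports).
    A host absent from the baseline has no approved ports, so all of its open
    ports are reported."""
    return [(r["host"], r["port"], r["service"]) for r in records
            if r["state"] == "open" and r["port"] not in baseline.get(r["host"], set())]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    print("port states:", state_counts(recs))
    for port, desc in open_ports(recs):
        print(f"  open {port}/tcp  {desc}")
    # Assumed allow-list: only ssh and http are supposed to be exposed on this host.
    baseline = {"192.0.2.10": {22, 80}}
    for host, port, svc in unexpected_open(recs, baseline):
        print(f"  UNEXPECTED {svc} on {host}:{port}")
```

The method attribute matters when reading -sV output: a service named from the port table only (method="table") has not been confirmed by a banner probe, so its name should not be trusted when choosing which Metasploit auxiliary module to try next. Pointing the script at a real report means replacing SAMPLE_XML with the contents of the -oX file.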


Last Updated : 02 Jan, 2023