Steps to use Metasploit and Nmap to Scan for Vulnerabilities

Step 1: To begin, we launch Metasploit and activate the port scanner module.

use auxiliary/scanner/portscan/tcp

 

Step 2: Then we use show options to configure the settings for this module.

show options

 

Step 3: We set RHOSTS to the IP address(es) of our machine(s). Optionally, we can restrict the scan to certain ports by setting PORTS.

set RHOSTS 192.168.56.103

set PORTS 22,25,80,110,21

 

Step 4: We set the number of THREADS and start the scan with run. Following the scan, we will receive output indicating the open ports on the previously defined target machine.

set THREADS 3

run

 

Step 5: Once we've established a clear picture of the open ports, we can begin enumerating them to identify the services running on them, as well as their versions.

db_nmap -sV -p 25,80,22 192.168.56.103

 

Step 6: Once we've identified the open ports and the services running on them, we can continue our scan to check for detailed version numbers for each service on each port, so that we can try different auxiliary modules in Metasploit to uncover potential vulnerabilities.

db_nmap -sV -A -p 25,80,22 192.168.56.103

 

Step 7: Analyze all the results.


Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux

The Metasploit Framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinely updated; new exploits are included as soon as they are announced. Because it is an open-source framework, it can be easily altered and used with most operating systems.


Accessing Msfconsole

The Metasploit Framework can be accessed via the Kali Whisker Menu or by typing the following command directly into the terminal....

Nmap

Nmap, or network mapper, is an open-source program for scanning and finding network vulnerabilities. Pentesters and other security experts use Nmap to find devices operating on their networks. It also exposes possible dangers by displaying the services and ports of each host machine....

Performing a basic Nmap Scan

Nmap can scan and discover a single IP address, a range of IP addresses, a DNS name, and content from text documents. We will demonstrate how to use Nmap to perform a basic scan using the localhost IP address....

Scanning “scanme” with Nmap

Nmap can scan the Nmap “scanme” domain and display all open, closed, and filtered ports. It also displays the encryption algorithms linked to those ports....
