Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux
The Metasploit Framework is a penetration testing tool for exploiting and validating vulnerabilities. It provides the core infrastructure, the module content, and the tools required for penetration testing and broader security assessment. It is a well-known exploitation framework that is updated regularly, with new exploits added shortly after they are published. Because it is open source, it can be easily modified and runs on most operating systems.
Accessing Msfconsole
The Metasploit Framework can be accessed via the Kali Whisker Menu or by typing the following command directly into the terminal.
msfconsole
Nmap
Nmap, or Network Mapper, is an open-source program for scanning networks and finding exposed services. Pentesters and other security experts use Nmap to discover the devices operating on their networks. It also reveals potential exposure by listing the open ports and the services running on each host.
Nmap is highly adaptable, allowing it to monitor everything from a single host system to a large network with over a hundred devices. Nmap’s core features a port-scanning utility that collects data by sending packets to a host system. Nmap gathers packet responses and determines if a port is closed, open, or filtered.
Performing a basic Nmap Scan
Nmap can scan a single IP address, a range of IP addresses, a DNS name, or a list of targets read from a text file. We will demonstrate a basic scan using the localhost IP address.
Step 1: To view your localhost IP address, run the following command in the terminal. Your IP address appears in the eth0 section as inet xx.x.x.xx; in our case it is 10.0.2.15, as shown below.
ifconfig
Step 2: Take note of this IP address and enter the command below into the terminal. It returns its results after scanning the 1000 ports that Nmap checks by default on the localhost machine.
sudo nmap 10.0.2.15
Step 3: Analyze the results.
Scanning “scanme” with Nmap
Nmap can scan scanme.nmap.org, the host the Nmap project provides for testing, and display all open, closed, and filtered ports. With -A it also displays the SSH host keys and their key algorithms for the open ssh port.
Step 1: Open a terminal window and type the following command.
nmap -v -A scanme.nmap.org
Step 2: Examine the results. In the terminal output, look for the PORT, STATE, SERVICE, and VERSION columns. You will notice the open ssh port as well as the operating system details; the ssh-hostkey entry and its key algorithm are shown below.
Steps to use Metasploit and Nmap to Scan for Vulnerabilities
Step 1: To begin, we launch msfconsole and load the TCP port scanner module.
use auxiliary/scanner/portscan/tcp
Step 2: Then we run show options to see the settings this module requires.
show options
Step 3: We set RHOSTS to the IP address(es) of the target machine(s), and, if we want, we can restrict the scan to specific ports by setting PORTS.
set RHOSTS 192.168.56.103
set PORTS 22,25,80,110,21
Step 4: We set the number of scanning threads and run the module. Once the scan finishes, the output lists the open ports on the target defined above.
set THREADS 3
run
Step 5: Once we have a clear picture of the open ports, we can begin enumerating them to identify the services listening on them and their versions. db_nmap runs Nmap from within msfconsole and stores the results in the Metasploit database.
db_nmap -sV -p 25,80,22 192.168.56.103
Step 6: Once we have identified the open ports and the services running on them, we can extend the scan with -A to collect detailed version information for each service on each port, so that we can try the relevant Metasploit auxiliary modules to uncover potential vulnerabilities.
db_nmap -sV -A -p 25,80,22 192.168.56.103
Step 7: Analyze all the results.
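As an added example (not code from the tutorial or from the Metasploit project), the following Python script parses the XML that Nmap writes with -oX, so the output of the db_nmap -sV steps above can be triaged programmatically rather than read by eye: it records each port's state and, for services Nmap actually probed, the product and version, and it flags services whose name Nmap only guessed from its port table. The embedded XML sample, its host address, versions and host key are constructed for the example.

```python
# Added example: parse Nmap -oX output into rows (not the tutorial's own code).
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout; the address and versions are made up.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -p 22,25,80 192.168.56.103">
  <host>
    <address addr="192.168.56.103" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed"/>
        <script id="ssh-hostkey" output="2048 aa:bb:cc (RSA)"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response"/>
        <service name="smtp" method="table"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" method="probed"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return one dict per scanned port: host, port, proto, state, service, version, probed."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            # product/version are present only when -sV probed the port (method="probed");
            # method="table" means Nmap guessed the service name from its port table.
            parts = [svc.get("product"), svc.get("version")] if svc is not None else []
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "version": " ".join(p for p in parts if p),
                "probed": svc is not None and svc.get("method") == "probed",
            })
    return rows

def open_ports(rows):
    """Keep only open ports: those are the ones worth version-enumerating next."""
    return [r for r in rows if r["state"] == "open"]
```

Run a real scan with nmap -sV -oX scan.xml <target> and feed the file contents to parse_nmap_xml to get the same table for your own hosts.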