What are Vulnerability Scanners ?
Vulnerability scanners are automated tools used to identify security flaws affecting a given system or application. Vulnerability scanners typically work by fingerprinting a target’s operating system (that is, identifying the version and type) as well as any services that are running. Once you have fingerprinted the target’s operating system, you use the vulnerability scanner to execute specific checks to determine whether vulnerabilities exist. Of course, these checks are only as good as their creators, and, as with any fully automated solution, they can sometimes miss or misrepresent vulnerabilities on a system.
Most modern vulnerability scanners do an amazing job of minimizing false positives, and many organizations use them to identify out-of-date systems or potential new exposures that might be exploited by attackers. Vulnerability scanners play a very important role in penetration testing, especially in the case of overt testing, which allows you to launch multiple attacks without having to worry about avoiding detection. The wealth of knowledge gleaned from vulnerability scanners can be invaluable, but beware of relying on them too heavily. The beauty of a penetration test is that it can’t be automated, and attacking systems successfully requires that you have knowledge and skills. In most cases, when you become a skilled penetration tester, you will rarely use a vulnerability scanner but will rely on your knowledge and expertise to compromise a system.
Metasploit is a framework that provides the infra- structure needed to automate mundane, routine, and complex tasks.Metasploit allows you to easily build attack vectors to augment its exploits, payloads, encoders, and more in order to create and execute more advanced attacks.
A Brief History of Metasploit
Metasploit was originally developed and conceived by HD Moore while he was employed by a security firm. When HD realized that he was spending most of his time validating and sanitizing public exploit code, he began to create a flexible and maintainable framework for the creation and development of exploits. He released his first edition of the Perl-based Metasploit in October 2003 with a total of 11 exploits. With the help of Spoonm, HD released a total rewrite of the project, Metasploit 2.0, in April 2004. This version included 19 exploits and over 27 payloads. Shortly after this release, Matt Miller (Skape) joined the Metasploit development team, and as the project gained popularity, the Metasploit Framework received heavy backing from the information security community and quickly became a necessary tool for penetration testing and exploitation.
Following a complete rewrite in the Ruby programming language, the Metasploit team released Metasploit 3.0 in 2007. The migration of the Framework from Perl to Ruby took 18 months and resulted in over 150,000 lines of new code. With the 3.0 release, Metasploit saw widespread adoption in the security community and a big increase in user contributions. In fall 2009, Metasploit was acquired by Rapid7, a leader in the vulnerability-scanning field, which allowed HD to build a team to focus solely on the development of the Metasploit Framework. Since the acquisition, updates have occurred more rapidly than anyone could have imagined. Rapid7 released two commercial products based on the Metasploit Framework: Metasploit Express and Metasploit Pro. Metasploit Express is a lighter version of the Metasploit Framework with a GUI and additional functionality, including reporting, among other useful features. Metasploit Pro is an expanded version of Metasploit Express that touts collaboration and group penetration testing and such features as a one-click virtual private network (VPN) tunnel and much more.
"Penetration testing is a way for you to simulate the methods that an attacker might use to circumvent security controls and gain access to an organization’s systems. Penetration testing is more than running scanners and automated tools and then writing a report. And you won’t become an expert penetration tester overnight; it takes years of practice and real-world experience to become proficient. "
Metasploit offers more than one interface to its underlying functionality, including console, command line, and graphical interfaces. In addition to these interfaces, utilities provide direct access to functions that are normally internal to the Metasploit Framework. These utilities can be invaluable for exploit development and situations for which you do not need the flexibility of the entire Framework.
Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It is one of the most flexible, feature-rich, and well-supported tools within the Framework. Msfconsole provides a handy all-in-one interface to almost every option and setting available in the Framework; it’s like a one-stop shop for all of your exploitation dreams. You can use msfconsole to do everything, including launching an exploit, loading auxiliary modules, performing enumeration, creating listeners, or running mass exploitation against an entire network. Although the Metasploit Framework is constantly changing, a subset of commands remain relatively constant. By mastering the basics of msfconsole, you will be able to keep up with any changes.
To launch msfconsole, enter msfconsole at the command line:
To access msfconsole’s help files, enter help followed by the command which you are interested in. In the command given below, we are looking for help for the command connect, which allows us to communicate with a host. The resulting documentation lists usage, a description of the tool, and the various option flags.
msf > help connect
Msfcli and msfconsole take very different approaches to providing access to the Framework. Where msfconsole provides an interactive way to access all features in a user-friendly manner, msfcli puts the priority on scripting and interpretability with other console-based tools. Instead of providing a unique interpreter to the Framework, msfcli runs directly from the command line, which allows you to redirect output from other tools into msfcli and direct msfcli output to other commandline tools. Msfcli also supports the launching of exploits and auxiliary modules, and it can be convenient when testing modules or developing new exploits for the Framework. It is a fantastic tool for unique exploitation when you know exactly which exploit and options you need. It is less forgiving than msfconsole, but it offers some basic help (including usage and a list of modes) with the command msfcli -h, as shown here:
The armitage component of Metasploit is a fully interactive graphical user interface created by Raphael Mudge. This interface is highly impressive, feature rich, and available for free.
To launch armitage, run the command armitage. During startup, select Start MSF, which will allow armitage to connect to your Metasploit instance.
After armitage is running, simply click a menu to perform a particular attack or access other Metasploit functionality.