Scanning is an essential part of penetration testing. Oftentimes, attackers go straight into exploitation because they have already obtained the IP address range used by the organization. This is a critical mistake, as they have not discovered all of the live hosts or open services. Continuing a penetration test without a solid understanding of all the live hosts, open services and operating systems in use in the environment will often result in the crash of many production systems. Clearly, we’d like to avoid having to explain to the CIO or CISO how we crashed multiple production systems.
Let us take a look at how Metasploit Community Edition helps us with this critical phase:
Armed with this information, an attacker can now proceed to the next step: Exploitation!
Importing scan results from Nessus, Nexpose, and other vulnerability scanners simplifies our lives as penetration testers. Let us explore this process in more detail:
Open your browser to https://127.0.0.1:8834, then simply click on ‘Scan’ and then on ‘Add’ as follows:
We are now one step closer to successful exploitation!
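Before importing a Nessus export, it helps to confirm that it actually contains the live hosts, open services and operating systems discussed at the top of this page. The script below is an added example, not part of the original article or of Metasploit or Nessus; it assumes the Nessus v2 (`.nessus`) XML export layout, and the sample hosts, plugin IDs and finding names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 export layout; every value is made up.
SAMPLE_NESSUS = """<NessusClientData_v2>
 <Report name="constructed-sample">
  <ReportHost name="192.0.2.10">
   <HostProperties>
    <tag name="host-ip">192.0.2.10</tag>
    <tag name="operating-system">Microsoft Windows Server 2008 R2</tag>
   </HostProperties>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900001" pluginName="constructed host-level finding"/>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="900002" pluginName="constructed service detection"/>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2" pluginID="900003" pluginName="constructed finding"/>
  </ReportHost>
  <ReportHost name="192.0.2.20">
   <HostProperties>
    <tag name="host-ip">192.0.2.20</tag>
   </HostProperties>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="900004" pluginName="constructed service detection"/>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1" pluginID="900005" pluginName="constructed finding"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def inventory(nessus_xml):
    """Return {host: {"os": str, "services": sorted [(port, proto, name)]}}."""
    root = ET.fromstring(nessus_xml)
    result = {}
    for host in root.iter("ReportHost"):
        props = {t.get("name"): (t.text or "") for t in host.iter("tag")}
        services = set()  # a set, because several findings share one port
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port == 0:  # port 0 carries host-level findings, not a listener
                continue
            services.add((port, item.get("protocol"), item.get("svc_name")))
        result[props.get("host-ip", host.get("name"))] = {
            "os": props.get("operating-system", "unknown"),
            "services": sorted(services),
        }
    return result

def needs_review(inv):
    """Hosts with no identified OS: confirm these before any further testing."""
    return sorted(h for h, d in inv.items() if d["os"] == "unknown")

if __name__ == "__main__":
    inv = inventory(SAMPLE_NESSUS)
    for host, data in sorted(inv.items()):
        print(host, data["os"], data["services"])
    print("unidentified OS:", needs_review(inv))
```

Hosts returned by `needs_review` are the ones where the scan did not fingerprint the operating system, which is the gap the opening paragraph warns about.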
Metasploit Community Edition has a seamless integration with NeXpose. As penetration testers, we are often looking for shortcuts and this integration is just beautiful. Let’s take a closer look.
And now the part we have all been waiting for: Exploitation!