msf弱点扫描模块使用
openvas
引入openvas进行扫描,全命令行,使用繁琐
msf > load openvas
导入openvas扫描日志,.nbe格式
nessus
导入nessus模块进行扫描
msf > load nessus
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
链接nessus扫描器
msf > nessus_connect -h
[*] You must do this before any other commands.
[*] Usage:
[*] nessus_connect username:[email protected]:port <ssl_verify/ssl_ignore>
[*] username and password are the ones you use to login to the nessus web front end
[*] hostname can be an IP address or a DNS name of the Nessus server.
[*] port is the RPC port that the Nessus web front end runs on. By default it is TCP port
[*] The "ssl_verify" to verify the SSL certificate used by the Nessus front end. By default the server
[*] use a self signed certificate, therefore, users should use ssl_ignore.
msf > nessus_connect root:root@:
[*] Connecting to https://.:/ as root
[*] User root authenticated successfully.
查看扫描策略列表
msf > nessus_policy_list
Policy ID Name Policy UUID
--------- ---- -----------
285 advanced scan ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66
创建新扫描任务
msf > nessus_scan_new
[*] Usage:
[*] nessus_scan_new <UUID of Policy> <Scan name> <Description> <Targets>
[*] Use nessus_policy_list to list all available policies with their corresponding UUIDs
msf > nessus_scan_new ad629e16-b6-c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66 test test_for_test www.sunriver.cn
[*] Creating scan from policy number ad629e16-b6-c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66, called test - test_for_test and scanning www.sunriver.cn
[*] New scan added
[*] Use nessus_scan_launch to launch the scan
Scan ID Scanner ID Policy ID Targets Owner
------- ---------- --------- ------- -----
root
查看扫描任务列表
msf > nessus_scan_list
Scan ID Name Owner Started Status Folder
------- ---- ----- ------- ------ ------
288 test root empty 3
进行扫描
msf > nessus_scan_launch
[+] Scan ID successfully launched. The Scan UUID is d3de086-eb0-c55f-cee-f8b9cb0abf33e24014baf8a69c0a
![网络安全与渗透:漏洞攻击—— msf(四)此生无悔入华夏,男儿何不带吴钩中华人民共和国网络安全法msf简介msfconsole内网信息收集凭证窃取[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)