This article will focus on using the Metasploit Framework together with Nessus to scan a remote target for vulnerabilities.
The Metasploit Framework is a computer application that provides information about security vulnerabilities and aids in penetration testing. It’s a tool for developing and executing exploit code against a remote target machine. You can find more information about the project here: https://www.metasploit.com/.
Metasploit can use several plugins; the one we will use to scan for vulnerabilities on a local computer is called Nessus. Nessus is vulnerability management software that helps you identify backdoors and other exposures on remote computers. It makes it easy to keep track of all your assets and provides clear overview graphs and results when the scan is complete.
The easiest way to begin working with Metasploit is to download and install Kali Linux, an operating system with embedded tools used specifically for ethical hacking and penetration testing. For this article, we’ll install Kali Linux on VirtualBox, a free program which you can use to set up virtual machines easily.
You can download VirtualBox from here: https://www.virtualbox.org/wiki/Downloads
Select the appropriate installation package depending on what operating system you’re using. In this article, we’re going to use Windows.
Begin the installation and click Next
Review the installation options and the default installation location. Most of the time, you can just click Next here.
Select what options you’d like. We chose to leave everything to default.
You’ll receive a warning that your Internet connection may be disrupted momentarily — don't worry, this is expected. VirtualBox installs a special kind of virtual Internet adapter so that your virtual machines can access the Internet. Click on Yes.
Click on Install.
VirtualBox will begin its installation progress here.
During the installation, you’ll be asked to install the virtual Internet driver we mentioned before. Click on Install.
All done! Click on Finish.
The VirtualBox application should start without any issues. Leave it alone for a couple of minutes while we download Kali Linux.
You can download Kali Linux from their website at https://www.kali.org/downloads/.
In most cases, you’d want to pick the 64-bit version, but it all depends on the type of hardware you’re using. Choose the light version if your network speed isn’t too great. The light version is stripped of some functionalities, but should work for the purposes of this tutorial.
After you’ve downloaded the image, create a new virtual machine by clicking the New button up in the toolbar of VirtualBox, or by going to the Machine menu and clicking New…
A window will prompt you to choose which type of virtual machine you are creating and which operating system it will host. Choose an appropriate name. For this purpose, I’ve chosen to call the machine “Kali Linux”.
Next, choose how much RAM you want to allocate to your virtual machine. For Kali to run efficiently, allocate at least 2 GB of RAM.
In the next step, you’ll have to choose which type of virtual hard disk you want to create for your virtual machine. This step is very important because you don’t want to allocate too small a disk, or you might run into trouble when installing the operating system. VirtualBox has already suggested a size for the hard disk, but this is often not enough. We will need to increase its size later. Click on Create for now.
In the window that follows, select to create a VDI (VirtualBox Disk Image) and click on Next.
In this next screen, you’ll choose whether the hard disk should be dynamically allocated or a fixed size. If you’re going to use Metasploit and Kali Linux extensively and store lots of data on it, you might want the hard disk to be dynamically allocated, meaning the disk image grows automatically as its free space runs low. If you’re only going to try out Metasploit a few times, or if you don’t have much storage to spare, you might want to go with the Fixed Size option.
Next, select where to store the hard drive. Here you can also increase or decrease the size of the hard drive if needed. I chose to go with 30 GB, and I wouldn’t recommend going with anything lower than that as Kali takes up quite some space and you need some space to play around with.
When done, we must specify where the virtual machine gets its installation media from. This will of course be the Kali Linux ISO that we downloaded earlier! So, right click on the newly created virtual machine and select Settings…
Click on the Storage tab. You’ll notice the name you selected for the hard disk drive and an Empty CD/DVD IDE controller. Now, click on the little disk icon to the far right.
Navigate to where you saved the disk image and select it to attach it to the virtual CD/DVD drive of your virtual machine.
Click OK. You’ll notice that the disk image name will appear instead of just “Empty” at the CD/DVD IDE controller.
Now, run your newly created virtual machine! You’ll be greeted by an installation screen of Kali. If you simply want to try out the operating system, you can choose to go with a live version of the OS. However, for this article, we’ll choose to install it.
Choose your preferred language, location and keyboard layout.
After you’re done with the settings, Kali Linux will ask you what hostname you would like for the operating system. Most of the time, the hostname can be left as default, so just navigate to Continue.
Next, you must choose a domain name. It doesn’t really matter what you use as your domain name, just make something up. We used commonlounge.
Next, come up with a password for the system administrator account, or more specifically, the root account. This password will be used when you log into the system, so be sure to remember it.
After selecting your password and verifying your spelling, select which partition method you would like to use. Most of the time, you can choose the first option. If you want to encrypt your hard drive, go with the third option.
Select which partition you would like to install Kali Linux on. This would be the virtual hard disk you set up earlier. You will see the size of the disk as well as the name.
Next, select the first option for the partitioning scheme.
Now, you’ll see an overview of your current settings. Select Finish to start the installation and press Yes on the next screen after that.
After the installation is complete, it’ll ask you if you want to use a network mirror. This is fine most of the time, so just hit Yes.
Next, select an HTTP proxy. Leave this blank if you don’t know what it is or if you don’t need it.
After it has scanned for updates, it’ll ask you if you want to install the GRUB loader onto the master boot record. Select Yes.
Select your hard disk drive.
And voilà! The installation is complete. Restart the system by selecting Continue.
Once the system has rebooted, log into the computer with the username root and the password that you set earlier in the installation. This concludes the installation of Kali Linux!
To scan a target for vulnerabilities, we’ll use the tool Nessus. You can download Nessus from their website at https://www.tenable.com/products/nessus/select-your-operating-system.
Select the Linux category and download the package for 32- or 64-bit.
While the image is downloading, you need to set up a free activation license on their website. You can do so here: https://www.tenable.com/products/nessus/activation-code
Select the free plan for Home use and enter your name and e-mail address.
You’ll receive an e-mail with a license key which you must use later in the installation. For now, go back to your Kali machine and open a Terminal. Navigate to wherever you downloaded the package (mine went to my Downloads folder) and issue the following command to install the program:
dpkg -i Nessus-7.0.1-debian6_amd64.deb
Then, start Nessus by typing:
When the service has started, open your browser and go to https://127.0.0.1:8834/ to access Nessus. You may need to add a security exception for the URL to gain access to it.
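The install step above takes the downloaded package on trust. The following shell snippet is an added example, not part of the original tutorial: it checks the package's SHA-256 against the value published on the vendor's download page before handing it to dpkg, then starts the service. The package name is the one from this tutorial; the expected checksum is a placeholder you must take from Tenable, and the use of `systemctl start nessusd` follows Tenable's own Debian/Kali instructions (older Kali releases used `/etc/init.d/nessusd start`).

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the Nessus .deb
# against a vendor-published SHA-256 before installing it, then install
# the package and start the service.

# verify_sha256 FILE EXPECTED_HEX -> 0 if FILE's SHA-256 matches EXPECTED_HEX
# (case-insensitive), 1 otherwise. Both values are printed on a mismatch so
# a tampered or corrupted download is visible, not silently installed.
verify_sha256() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  if [ "$actual" = "$expected" ]; then
    echo "checksum OK: $file"
    return 0
  fi
  echo "checksum MISMATCH for $file" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# install_nessus FILE EXPECTED_HEX -> verifies the package, installs it and
# starts nessusd. Stops at the first failing step. Run as root on the VM.
install_nessus() {
  verify_sha256 "$1" "$2" || return 1
  dpkg -i "$1" || return 1
  # Tenable documents systemctl for Debian/Kali (assumption: systemd-based Kali)
  systemctl start nessusd || return 1
  echo "Nessus should now answer at https://127.0.0.1:8834/"
}

# Usage (placeholder checksum in angle brackets, taken from Tenable's page):
#   install_nessus Nessus-7.0.1-debian6_amd64.deb <SHA256-FROM-DOWNLOAD-PAGE>
```

If the checksum does not match, nothing is installed; re-download the package over HTTPS from Tenable rather than forcing the install.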
Create an account. This account is separate from your login account, but for this purpose, I’ll use the same credentials as the root login.
Choose the license and enter the license key you received in the e-mail message from before.
Nessus will start downloading and compiling some plugins which are needed for the vulnerability scan.
To scan for the vulnerabilities however, we need to create a set of policies that Nessus will follow. These policies will tell Nessus which vulnerabilities to scan for. When you’re logged in to the Nessus web interface, go to Policies and then select a vulnerability. In this example, we’ll go with Spectre and Meltdown.
Enter a name and a description if you’d like to, then close the Nessus GUI.
This concludes the installation of Nessus vulnerability scanner — now we can access it from Metasploit!
You can open the Metasploit framework by going to the menu Applications -> Exploitation Tools -> Metasploit framework.
When you open up Metasploit for the first time, it’ll create a database as part of the initial setup. After a while, you’ll be presented with the starting page of Metasploit. Note that Metasploit contains a lot of logos and flairs, so your screen might look different than mine.
Because Metasploit is an actively maintained application, the first thing you should do is to update it to make sure you have the latest exploits available. Run the following command within the Metasploit framework shell to install any updates.
apt update; apt install metasploit-framework
If your version is up to date, you should see that there are 0 updates available, like in the screenshot below.
Phew! Now it’s time for the actual vulnerability scan!
Open up Metasploit and issue the following commands to connect to your newly created Nessus database. The username and password are whatever you chose to enter at the setup:
Once connected, you can view your policies that you created earlier by writing
This will display the UUID which you need to start a new scan. So copy the UUID of the policy you made and write:
nessus_scan_new <UUID> <ID> <Scan Name> <Target IP>
You can make up the ID and its name. I chose the same ID as my policy, but you can set it to whatever you want. The important thing is that you get the UUID right and that you don’t scan a random IP address (run it against your own machine first), since the scan generates a lot of traffic.
As an aside, to find out your own IP address, issue the following command in the Terminal if you're running a Unix-like system.
ip addr show
Or, if you're running Windows, issue this command in the Command Prompt.
After running the nessus_scan_new command, you’ll be presented with a new scan ID which you will use to launch the actual scan. Type the following command to begin the scan:
nessus_scan_launch <scan ID>
To see your results, type
nessus_report_hosts <scan ID>
My two hosts seem to be safe from the Spectre and Meltdown attacks!
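The commands from connecting to Nessus through to reading the report are usually typed into msfconsole one at a time. As an added example that is not part of the original tutorial, the shell script below writes them into msfconsole resource scripts instead, and adds the check this tutorial asks for in prose: the target must be on an explicit allow-list of addresses you own (by default, the machine's own IPv4 addresses, the same information as `ip addr show`). The plugin command names and the argument order of `nessus_scan_new` are the ones shown above; the credentials, the policy UUID, the scan ID and the 192.0.2.x/198.51.100.x addresses are placeholders, and the trailing `ok` on `nessus_connect` is the plugin's way of accepting the self-signed certificate that the browser step also had to accept.

```shell
#!/bin/sh
# Added example (not from the original tutorial): generate msfconsole
# resource scripts (.rc) that drive the Metasploit Nessus plugin, refusing
# any target that is not on an allow-list of hosts you own.

# local_ipv4s -> this machine's IPv4 addresses, one per line
# (what the tutorial's `ip addr show` prints, trimmed to the addresses).
local_ipv4s() {
  ip -o -4 addr show | awk '{print $4}' | cut -d/ -f1
}

# in_allowlist TARGET ALLOWLIST -> 0 if TARGET is one of the space-separated
# entries of ALLOWLIST, 1 otherwise.
in_allowlist() {
  for entry in $2; do
    [ "$entry" = "$1" ] && return 0
  done
  return 1
}

# build_create_rc USER PASS NESSUS_HOST POLICY_UUID ID SCAN_NAME TARGET ALLOWLIST
# Prints a resource script that connects, lists policies and creates the scan.
# Prints nothing and returns 1 if TARGET is not on ALLOWLIST.
build_create_rc() {
  user=$1; pass=$2; nhost=$3; uuid=$4; id=$5; name=$6; target=$7; allow=$8
  if ! in_allowlist "$target" "$allow"; then
    echo "refusing to create a scan against $target: not on the allow-list" >&2
    return 1
  fi
  printf 'load nessus\n'
  # trailing "ok" accepts the Nessus server's self-signed certificate
  printf 'nessus_connect %s:%s@%s:8834 ok\n' "$user" "$pass" "$nhost"
  printf 'nessus_policy_list\n'
  # same argument order as the tutorial: <UUID> <ID> <Scan Name> <Target IP>
  printf 'nessus_scan_new %s %s "%s" %s\n' "$uuid" "$id" "$name" "$target"
  # the numeric ID of the new scan shows up in this listing
  printf 'nessus_scan_list\n'
}

# build_scan_rc USER PASS NESSUS_HOST launch|report SCAN_ID
# Prints a resource script that either launches the scan or prints its
# per-host results; "report" is meant to be run once the scan has completed.
build_scan_rc() {
  case $4 in
    launch) cmd="nessus_scan_launch $5" ;;
    report) cmd="nessus_report_hosts $5" ;;
    *) echo "unknown action: $4 (use launch or report)" >&2; return 1 ;;
  esac
  printf 'load nessus\n'
  printf 'nessus_connect %s:%s@%s:8834 ok\n' "$1" "$2" "$3"
  printf 'nessus_scan_list\n'   # shows whether the scan is still running
  printf '%s\n' "$cmd"
}

# Usage on the Kali VM (placeholders in angle brackets):
#   build_create_rc root '<password>' 127.0.0.1 <POLICY-UUID> 1 "Spectre and Meltdown" \
#       "$(local_ipv4s | head -n 1)" "$(local_ipv4s | tr '\n' ' ')" > create.rc
#   msfconsole -q -r create.rc      # note the scan ID in the nessus_scan_list output
#   build_scan_rc root '<password>' 127.0.0.1 launch <scan ID> > launch.rc
#   msfconsole -q -r launch.rc
#   build_scan_rc root '<password>' 127.0.0.1 report <scan ID> > report.rc
#   msfconsole -q -r report.rc      # once nessus_scan_list reports it completed
```

Because the scan's numeric ID only exists after `nessus_scan_new` has run, creation and launch are kept in separate resource scripts; a target outside the allow-list never reaches msfconsole at all, which is the cheapest place to stop an accidental scan of someone else's address.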
And that’s how you use the Metasploit framework with Nessus vulnerability scanner! These two tools are extremely powerful, so use them carefully, and never towards an unauthorized system.
Never leave administrative passwords blank or use a default password set by the product vendor. This includes modems, routers, switches, firewalls, operating system administrative accounts, application passwords, etc. Always make a habit to change these passwords to something that may be considered complex.
Eavesdropping and Man-in-the-Middle (MITM) attacks are two similar types of attack: the first only listens in on traffic, while the latter tries to manipulate it. An eavesdropper listens to and records the traffic sent between two parties, while a MITM attacker sits between the parties and manipulates the data sent back and forth to their advantage.
To protect yourself against this kind of attack, always check whether there’s an encrypted version of the website or protocol you’re using. For example, always check for the HTTPS lock in the address field before you transmit any usernames, passwords or other personal details, like your credit card number.
Attackers may find bugs and backdoors in desktop and mobile applications such as e-mail clients and browsers to execute arbitrary code, implant trojan horses or crash the system. Further exploitation can occur if the compromised system has administrative privileges on the rest of the network.
To counter this, always keep your applications up to date by installing the latest version from the developers’ website. Make sure you download a verified patch made and released by the developers themselves, so that you don’t install code injected by third parties.