Metasploit vulnerability validation
Vulnerability Validation
Today we will learn how to validate the vulnerabilities that we have found from vulnerability scanners like Nexpose. This process is also known as vulnerability analysis.
A vulnerability scanner can sometimes give you hundreds of vulnerabilities. In such a case, it can be quite time-consuming to validate each and every vulnerability.
Metasploit Pro has a feature called Vulnerability Validation that saves you time by validating the vulnerabilities automatically and gives you an overview of the most crucial vulnerabilities, the ones that can be very harmful for your system. It also has an option to classify the vulnerabilities according to their severity.
Let’s see how you can use this option. Open Metasploit Pro Web Console → Project → Vulnerability Validation.
Next, enter the Project Name and provide a short description of the project. Then, click the Start button.
Click "Pull from Nexpose". Select "Import existing Nexpose vulnerability data".
Click Tag → Automatically Tag by OS. It will separate the vulnerabilities by operating system for you.
Next, go to Exploit → Sessions and check the option "Clean up sessions when done". Checking a vulnerability involves interaction between the Metasploit machine and the vulnerable machine, and this option cleans up the resulting sessions once the check is done.
Click Generate Report → Start.
Next, you will see a Validation Wizard. Here, you need to click the Push validations button.
Once all the vulnerabilities in the list have been tested, you will get a screen with tables.
To see the results of the tested vulnerabilities, go to Home → Project Name → Vulnerabilities.