132
◾
Ethical Hacking and Penetration Testing Guide
If you are performing a vulnerability assessment, you can download the report in the preferred
format and send it to the customer. However, if you are performing a penetration test and your
goal is to exploit the vulnerability, choose the .nessus format, because this would enable you to
import the information into Metasploit, and within Metasploit, you can perform various other
checks and choose relative exploits based upon your findings.
Nessus Integration with Metasploit
Sometimes in real-world penetration tests, the time available to accomplish your task is very less, so
you will need a methodology efficient enough to save time as well as yield effective results.
Nessus can be integrated into Metasploit for performing a far more effective penetration
test. With nessus being imported to Metasploit, we can easily perform vulnerability scanning
from within the Metasploit console. The results would be outputted to the Metasploit console
itself. With nessus being imported to Metasploit, we have both vulnerability assessment and
exploitation within a single tool.
Dostları ilə paylaş: