Ethical Hacking and Penetration Testing Guide

Vulnerability Assessment
◾ 
131
Once you have launched the scan, you will see this screen:
Once the scan is complete, go to the “Reports” tab and either download the report or view it 
in the panel by clicking on it.
There are different types of report formats for nessus. You can read the pros and cons of each 
report format in the “Nessus User Guide.” To download the report, go to the “Reports” menu, 
select the report, and click “Download” at the top.

132
◾ 
Ethical Hacking and Penetration Testing Guide
If you are performing a vulnerability assessment, you can download the report in the preferred 
format and send it to the customer. However, if you are performing a penetration test and your 
goal is to exploit the vulnerability, choose the .nessus format, because this would enable you to 
import the information into Metasploit, and within Metasploit, you can perform various other 
checks and choose relative exploits based upon your findings.
Nessus Integration with Metasploit
Sometimes in real-world penetration tests, the time available to accomplish your task is very less, so 
you will need a methodology efficient enough to save time as well as yield effective results.
Nessus can be integrated into Metasploit for performing a far more effective penetration 
test. With nessus being imported to Metasploit, we can easily perform vulnerability scanning 
from within the Metasploit console. The results would be outputted to the Metasploit console 
itself. With nessus being imported to Metasploit, we have both vulnerability assessment and 
exploitation within a single tool.

Yüklə 22,44 Mb.

Dostları ilə paylaş: