Vulnerability Assessment
◾
131
Once
you have launched the scan, you will see this screen:
Once the scan is complete, go to the “Reports” tab and either download the report or view it
in the panel by clicking on it.
There are different types of report formats for nessus. You can read
the pros and cons of each
report format in the “Nessus User Guide.” To download the report, go to the “Reports” menu,
select the report, and click “Download” at the top.
132
◾
Ethical Hacking and Penetration Testing Guide
If you are performing a vulnerability assessment, you can download the report in the preferred
format and send it to the customer. However, if you are performing
a penetration test and your
goal is to exploit the vulnerability, choose the .nessus format, because this would enable you to
import the information into Metasploit, and within Metasploit, you
can perform various other
checks and choose relative exploits based upon your findings.
Nessus Integration with Metasploit
Sometimes in real-world penetration tests, the time available to accomplish your task is very less, so
you will need a methodology efficient enough to save time as well as yield effective results.
Nessus can be integrated into Metasploit for performing a far
more effective penetration
test. With nessus being imported to Metasploit, we can easily perform vulnerability scanning
from within the Metasploit console. The results would be outputted
to the Metasploit console
itself. With nessus being imported to Metasploit, we have both vulnerability assessment and
exploitation within a single tool.
Dostları ilə paylaş: 
