1、Vulnerability scanning with Nmap Scripting Engine
the Nmap Script Engine provide a alrge number of script that can e used to perform a range of automated task to evaluate remote system .a windowsxp system with a vulnerable SMB service is used for this test .so first ,we must set up the windows xp system ,one of the most effective way is to referennce the script.db file that is located ninthe nmap script directory .
we use the command to look the scripts : cat /usr/share/nmap/scripts/script.db |more
the category name for vulnerabliity scanning scripts is vuln, to identify all vunerability scripts , one would need to grep for the vuln and then extract the filename for each script with the cut command. this can be seen in hte folloeing truncated output:
grep vuln /usr/share/nmap/script/script.db |cut -d "" -f 2
a vulnerability scan may be as simple as establishing a TCP connection with the remote service and identifying of probes and specially crafted requests may be sent to remote service in attempt to solicit responses that unique to services that vulnerable to a specific attack , in the example the NSE vulnerability script provided the vulnerability scan will actually try to exploit the vulnerability if the unsafe parameter activated.
2、 Vulnerability scanning with MSF auxiliary modules