Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Intrusion and Exploitation Cookbook

You're reading from   Kali Linux Intrusion and Exploitation Cookbook Powerful recipes to detect vulnerabilities and perform security assessments

Arrow left icon
Product type Paperback
Published in Apr 2017
Publisher
ISBN-13 9781783982165
Length 512 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Dhruv Shah Dhruv Shah
Author Profile Icon Dhruv Shah
Dhruv Shah
Ishan Girdhar Ishan Girdhar
Author Profile Icon Ishan Girdhar
Ishan Girdhar
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Title Page
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface
1. Getting Started - Setting Up an Environment FREE CHAPTER 2. Network Information Gathering 3. Network Vulnerability Assessment 4. Network Exploitation 5. Web Application Information Gathering 6. Web Application Vulnerability Assessment 7. Web Application Exploitation 8. System and Password Exploitation 9. Privilege Escalation and Exploitation 10. Wireless Exploitation Pen Testing 101 Basics

Configuring Nessus and Metasploit


In this recipe, we will you how to install, configure, and start running Nessus and Metasploit.

Getting ready

For this recipe, we will be Nessus home feed and register for a valid license.

How to do it...

Perform the steps for this recipe:

  1. Open Firefox and go to http://www.tenable.com/products/nessus/select-your-operating-system and select the home version. On the next page, select the operating system as 6 and 7 (as Kali is based on Debian Jessie) as shown in the following screenshot:

 

  1. To the Nessus, open the command in the terminal and type:
      dpkg -i Nessus-6.2.0-debian6_amd64.deb
  1. Now, your Nessus has been installed as shown in the following screenshot:

  1. Once the installation is complete, start the Nessus service using the following command:
      /etc/init.d/nessusd start

 

  1. Open link https://kali:8834 as shown in the screenshot:

 

  1. By default, during installation, Nessus is configured for using self-signed certificates to the traffic between your browser and the Nessus server; therefore, you are seeing page shown in the preceding screenshot. If you have downloaded the Nessus from a tenable website, you can consider it safe to click on I understand the risk and accept the certificate to continue and you will see the following page:

 

  1. Click on Continue, and you will be shown the initial account setup page, as in following screenshot:

 

  1. Enter the username and password combination you want to create and click on Continue. On the next page, you will be required to enter the code as shown in following screenshot:

  1. To obtain the activation, go to http://www.tenable.com/products/nessus-home and fill the form on the right-hand side of the page to receive the activation code. You will receive your activation code on your e-mail account. Copy the activation and enter it on this screen and continue:

Now, the Activation has been completed and Nessus will update the plugins and the tool will be ready for your use.

  1. We now have Nessus in place. So, let's set up Metasploit. Metasploit is installed by default during OS installation. To invoke, you will need to start the following services:
      # service postgresql start
      [ ok ] Starting PostgreSQL 9.1 database server: main.
      root@Intrusion-Exploitation:~#
      root@Intrusion-Exploitation:~# msfconsole
      [ ok ] Starting Metasploit rpc server: prosvc.
      [ ok ] Starting Metasploit web server: thin.
      [ ok ] Starting Metasploit worker: worker.

 

  1. Metasploit will be started as shown in following screenshot:

How it works...

In this recipe, we have downloaded Nessus home feed and started the service. We completed the basic initial account setup and entered the account activation key to activate our home feed version of Nessus and finally updated the plugins.

Later on, we turned on PostgreSQL and Metasploit services, and finally, using msfconsole we started an instance of Metasploit.

There's more...

Nessus is a scanner and is an exploitation framework from Rapid7. However, most network environments require only vulnerability assessment and not in-depth exploitation. But, if in some cases it is needed, Metasploit is one of the best frameworks available. Similar to Nessus, Rapid7 has also launched their own vulnerability scanner called Nexpose. can be configured to be integrated with Metasploit, which allows Metasploit to use NexPose for vulnerability scanning and select exploits based on the information gathered by and thus it provides better experience as compared to using Nessus with Metasploit. For more information, visit http://www.rapid7.in/products/nexpose/ .

You have been reading a chapter from
Kali Linux Intrusion and Exploitation Cookbook
Published in: Apr 2017
Publisher:
ISBN-13: 9781783982165
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image