So far we have seen that Metasploit is a really powerful framework for penetration testing. However, it becomes even more useful when integrated with some other tools. This section covers a few tools that complement Metasploit's capabilities and allow more precise penetration testing of the target system.
Making Metasploit effective and powerful using supplementary tools
Nessus
Nessus is a product from Tenable Network Security and is one of the most popular vulnerability assessment tools. It belongs to the vulnerability scanner category. It is quite easy to use, and it quickly finds out infrastructure-level vulnerabilities in the target system. Once Nessus tells us what vulnerabilities exist on the target system, we can then feed those vulnerabilities to Metasploit to see whether they can be exploited for real.
Its official website is https://www.tenable.com/. The following image shows the Nessus homepage:
The following are the different OS-based installation steps for Nessus:
- Installation on Windows:
  - Navigate to the URL https://www.tenable.com/products/nessus/select-your-operating-system.
  - Under the Microsoft Windows category, select the appropriate version (32-bit/64-bit).
  - Download and install the .msi file.
  - Open a browser and navigate to the URL https://localhost:8834/.
  - Set a new username and password to access the Nessus console.
  - For registration, click on the registering this scanner option.
  - Upon visiting http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code, select Nessus Home and enter your details for registration.
  - Enter the registration code that you receive by email.
- Installation on Linux (Debian-based):
  - Navigate to the URL https://www.tenable.com/products/nessus/select-your-operating-system.
  - Under the Linux category, Debian 6,7,8 / Kali Linux 1, select the appropriate version (32-bit/AMD64).
  - Download the file.
  - Open a terminal and browse to the folder where you downloaded the installer (.deb) file.
  - Type the command dpkg -i <name_of_installer>.deb.
  - Open a browser and navigate to the URL https://localhost:8834/.
  - Set a new username and password to access the Nessus console.
  - For registration, click on the registering this scanner option.
  - Upon visiting http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code, select Nessus Home and enter your details for registration.
  - Enter the registration code that you receive by email.
NMAP
NMAP (short for Network Mapper) is the de facto tool for network information gathering. It belongs to the information gathering and enumeration category. At a glance, it may appear to be a small and simple tool. However, it is so comprehensive that a complete book could be dedicated to how to tune and configure NMAP to our requirements. NMAP can give us a quick overview of which ports are open and which services are running in our target network. This output can be fed to Metasploit for further action. While a detailed discussion of NMAP is outside the scope of this book, we'll certainly cover all the important aspects of NMAP in later chapters.
Its official website is https://nmap.org/. The following screenshot shows a sample NMAP scan:
While the most common way of using NMAP is through the command line, NMAP also has a graphical interface known as Zenmap, a simplified front end to the NMAP engine, as follows:
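Both the Nessus and NMAP sections above describe handing scanner output to the next stage of the assessment. The following Python example, added here and not taken from the book, shows that hand-off on constructed data: it parses an Nmap XML fragment and a .nessus (v2) fragment and keeps only the Nessus findings that sit on a port Nmap actually reported as open, so the triage list reflects reachable services rather than every plugin hit. The element and attribute names follow the two real file formats; the host, ports and plugin names are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample scanner output (not real scans). The structure matches
# nmap -oX and Nessus .nessus v2 exports; the values are made up.
NMAP_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""

NESSUS_XML = """<NessusClientData_v2><Report name="lab"><ReportHost name="192.0.2.10">
<ReportItem port="445" protocol="tcp" severity="4" pluginName="Sample critical SMB finding"/>
<ReportItem port="3389" protocol="tcp" severity="2" pluginName="Sample RDP finding"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginName="Sample informational item"/>
</ReportHost></Report></NessusClientData_v2>"""


def nmap_open_ports(xml_text):
    """Return {(ip, proto, port): service} for every port Nmap reports as open."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports are not reachable services
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            found[(ip, port.get("protocol"), int(port.get("portid")))] = name
    return found


def nessus_findings(xml_text, min_severity=1):
    """Return [(ip, proto, port, severity, plugin name)] at or above min_severity."""
    items = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity"))
            if sev >= min_severity:
                items.append((host.get("name"), item.get("protocol"),
                              int(item.get("port")), sev, item.get("pluginName")))
    return items


def correlate(nmap_xml, nessus_xml):
    """Join Nessus findings onto Nmap open ports, highest severity first."""
    open_ports = nmap_open_ports(nmap_xml)
    hits = [(ip, port, open_ports[(ip, proto, port)], sev, name)
            for ip, proto, port, sev, name in nessus_findings(nessus_xml)
            if (ip, proto, port) in open_ports]
    return sorted(hits, key=lambda h: -h[3])
```

With the constructed data, only the SMB finding on 445/tcp survives: 3389/tcp is filtered in the Nmap output and the port-0 item is informational.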
The following are the different OS-based installation steps for NMAP:
- Installation on Windows:
  - Navigate to the site https://nmap.org/download.html.
  - Under the Microsoft Windows Binaries section, select the latest version (.exe) file.
  - Install the downloaded file along with WinPcap (if not already installed).
- Installation on Linux (Debian-based): NMAP is installed by default in Kali Linux; however, if it is not installed, you can use the following command to install it:
  root@kali:~# apt-get install nmap
w3af
w3af is an open-source web application security scanning tool. It belongs to the web application security scanner category. It can quickly scan the target web application for common web application vulnerabilities, including the OWASP Top 10. w3af can also be effectively integrated with Metasploit to make it even more powerful.
Its official website is http://w3af.org/. We can see the w3af console for scanning web application vulnerabilities in the following image:
The following are the various OS-based installation steps for w3af:
- Installation on Windows: w3af is not available for the Windows platform.
- Installation on Linux (Debian-based): w3af is installed by default on Kali Linux; however, if it is not installed, you can use the following command to install it:
  root@kali:~# apt-get install w3af
Armitage
Armitage is an exploit automation framework that uses Metasploit at the backend. It belongs to the exploit automation category. It offers an easy-to-use user interface for finding hosts in the network, scanning, enumeration, finding vulnerabilities, and exploiting them using Metasploit exploits and payloads. We'll have a detailed overview of Armitage later in this book.
Its official website is http://www.fastandeasyhacking.com/index.html. We can see the Armitage console for exploit automation in the following screenshot:
The following are the various OS-based installation steps for Armitage:
- Installation on Windows: Armitage is not supported on Windows.
- Installation on Linux (Debian-based): Armitage is installed by default on Kali Linux; however, if it is not installed, you can use the following command to install it:
  root@kali:~# apt-get install armitage