I’ve been using metasploit for a long time, but it’s not something I use daily. So I started a notes doc on it a long time ago. Here’s that doc. <3 The setup (dependencies install mostly via homebrew for Mac or use whatever other dependency/package manager for others): Install homebrew if needed: ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" brew install libxml2,nmap,ruby21 brew install postresql --without-ossp-uuid git clone https://github.com/rapid7/metasploit-framework.git /usr/local/share/metasploit-framework To launch the Metasploit console: ./msfconsole To update: msfupdate From within the console, use the show verb to see a list of all Encoders, NOP Generators, Exploits, and Payloads: show To just show payloads: Show payloads Set your exploit (from the list…
-
-
Vulnerability Scanning Web Servers Using Nikto On OS X
I’ve had a pretty easy time using Nikto over the years. Nikto is a security scanner specific to web servers. I did a post on Nessus recently, but Nessus is a tool for looking at any service running on a system and trying to find available vulnerabilities. Nikto is can do many of the same things, but is specific and therefore more in depth for web servers. This involves looking at things like CGI directories and robots.txt files as well. Nikto is written in Perl. In order to do everything Nikto can do there are a few perl mules that need to be installed. But let’s look at one of…