What makes the metasploit command "vulns" use test ids in "refs=" instead of bugtrac ids,cves, etc?
I am trying to use Metasploitable2 and Kali linux (both qemu virtual appliances), to teach people the basics of automatic vulnerability assessment.
I am trying to use OpenVAS + Metasploit in order to show how simple the interface can be. Unfortunately, once I have imported the OpenVAS reports into Metasploit, the output of the vulns command looks like:
[*] Time: ... Vuln: host=10.0.0.1 name=NSS-1.3.6.1.4.1.25623.1.0.103185 refs=NSS-1.3.6.1.4.1.25623.1.0.103185I am able to bring up vulns -i and get the listing similar to the one you get from searching the corresponding nss on this website: http://www.securityspace.com/smysecure/search.html I don't want people reading through pages of output in the metasploit console though, because the output is much nicer and cleaner using the OpenVAS client.
The websites details are correct for the few that I have tried, but this is less helpful than the offensive-security tutorials output, which looks like:
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=3389 proto=tcp name=NSS-10940 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=1900 proto=udp name=NSS-35713 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=1030 proto=tcp name=NSS-22319 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10396 refs=
[*] Time: 2010-09-28 01:51:38 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10860 refs=CVE-2000-1200,BID-959,OSVDB-714
[*] Time: 2010-09-28 01:51:38 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10859 refs=CVE-2000-1200,BID-959,OSVDB-715
[*] Time: 2010-09-28 01:51:39 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-18502 refs=CVE-2005-1206,BID-13942,IAVA-2005-t-0019
[*] Time: 2010-09-28 01:51:40 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-20928 refs=CVE-2006-0013,BID-16636,OSVDB-23134
[*] Time: 2010-09-28 01:51:41 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-35362 refs=CVE-2008-4834,BID-31179,OSVDB-48153So back to my question:
What do I need to do in order to go from these large "nss-xxx" strings in the first code block, to the much more reasonable output you see in the second code block.
I am trying to use Metasploitable2 and Kali linux (both qemu virtual appliances), to teach people the basics of automatic vulnerability assessment.
I am trying to use OpenVAS + Metasploit in order to show how simple the interface can be. Unfortunately, once I have imported the OpenVAS reports into Metasploit, the output of the vulns command looks like:
[*] Time: ... Vuln: host=10.0.0.1 name=NSS-1.3.6.1.4.1.25623.1.0.103185 refs=NSS-1.3.6.1.4.1.25623.1.0.103185I am able to bring up vulns -i and get the listing similar to the one you get from searching the corresponding nss on this website: http://www.securityspace.com/smysecure/search.html I don't want people reading through pages of output in the metasploit console though, because the output is much nicer and cleaner using the OpenVAS client.
The websites details are correct for the few that I have tried, but this is less helpful than the offensive-security tutorials output, which looks like:
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=3389 proto=tcp name=NSS-10940 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=1900 proto=udp name=NSS-35713 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=1030 proto=tcp name=NSS-22319 refs=
[*] Time: 2010-09-28 01:51:37 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10396 refs=
[*] Time: 2010-09-28 01:51:38 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10860 refs=CVE-2000-1200,BID-959,OSVDB-714
[*] Time: 2010-09-28 01:51:38 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-10859 refs=CVE-2000-1200,BID-959,OSVDB-715
[*] Time: 2010-09-28 01:51:39 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-18502 refs=CVE-2005-1206,BID-13942,IAVA-2005-t-0019
[*] Time: 2010-09-28 01:51:40 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-20928 refs=CVE-2006-0013,BID-16636,OSVDB-23134
[*] Time: 2010-09-28 01:51:41 UTC Vuln: host=192.168.1.161 port=445 proto=tcp name=NSS-35362 refs=CVE-2008-4834,BID-31179,OSVDB-48153So back to my question:
What do I need to do in order to go from these large "nss-xxx" strings in the first code block, to the much more reasonable output you see in the second code block.
No comments:
Post a Comment