Vulnerability scanning will allow you to quickly scan target IP ranges for known vulnerabilities, allowing penetration testers to quickly understand attacks that may be worth pursuing.
Let’s take a look at some of the vulnerability scanning capabilities that the Metasploit framework can provide.
1. Metasploit SMB login check
A common situation you find yourself in is having a valid username and password combination and wondering where you can use it. This is where the SMB login inspection scanner is very useful, as it will connect to a range of hosts and determine whether the username/password combination can access the target.
Keep in mind that this is very "loud" as it will show up as a failed login attempt in the event log of every Windows it touches. Be thoughtful about the network you are taking this action on. Any successful results can be plugged into the windows/smb/psexec exploit module (just like the standalone tool), which can be used to create a Meterpreter session.
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > show options
Module options (auxiliary/scanner/smb/smb_login):
Name Current Setting Required Description
---- --------------- -------- -----------
ABORT_ON_LOCKOUT false yes Abort the run when an account lockout is detected
BLANK_PASSWORDS false no Try b