
Thursday, August 7, 2014

Cisco – Modify / Fix Config via SNMP (SSH example)

Fixing SSH access on Cisco via SNMP

Sometimes you may find that SSH on a device is not properly configured. If you are lucky enough to have an SNMP RW community string configured on it, you can fix literally everything over SNMP.

 

Download the Config via SNMP

You can download the device's current config to a TFTP server, edit the necessary lines and upload it back. You can upload it to the running config, the startup config or a flash file.

To download running config:

snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a 192.168.1.252
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s config_dsw1.txt
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1

where:

  • san-fran - the community string of your Cisco router.
  • 192.168.1.23 - the IP address of your Cisco device.
  • 192.168.1.252 - the IP address of your TFTP server.
  • config_dsw1.txt - the file name under which the running configuration will be saved.
  • 111 - a random number

 

Commands Explained

1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1
ccCopyProtocol: The file transfer protocol to use:

1 - tftp
2 - ftp
3 - rcp
4 - scp
5 - sftp
 
1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4
ccCopySourceFileType: Specifies the type of file to copy from:

1 - networkFile
2 - iosFile
3 - startupConfig
4 - runningConfig
5 - terminal
6 - fabricStartupConfig

1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1
ccCopyDestFileType: specifies the type of file to copy to:

1 - networkFile
2 - iosFile
3 - startupConfig
4 - runningConfig
5 - terminal
6 - fabricStartupConfig

1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a 192.168.1.252
ccCopyServerAddress: The IP address of the TFTP server

1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s config_dsw1.txt
ccCopyFileName: The file name (including the path) of the file.

1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1
ccCopyEntryRowStatus: The status of this table entry. Once it is set to active, the associated entry cannot be modified until the request completes ('successful' or 'failed'). The object can be:

1 - active
2 - notInService
3 - notReady
4 - createAndGo
5 - createAndWait
6 - destroy

When you enter this last command, the router sends the running configuration to the TFTP server!

 

Change the Config

If you ran into SSH being enabled with no certificate generated, your config might look like this:

line vty 0 4
length 0
transport input ssh
line vty 5 15
transport input ssh
exit

You should fix it to:

line vty 0 4
length 0
transport input telnet
line vty 5 15
transport input telnet
exit

Some commands can be cancelled by putting a "no " statement before the command. Some, as in the case above, cannot.

 

Upload the Config via SNMP

Upload it back with the following commands. Be careful! If you upload to startup-config, IOS will not merge the uploaded config with the startup one; it will replace it instead. Do not upload partial sets of commands! To be on the safe side, I recommend never uploading partial configs: add, cancel or correct only the necessary lines, then upload the whole config.

snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 4
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a 192.168.1.252
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s config_dsw1.txt
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1

where:

  • san-fran - the community string of your Cisco router.
  • 192.168.1.23 - the IP address of your Cisco device.
  • 192.168.1.252 - the IP address of your TFTP server.
  • config_dsw1.txt - the name of the configuration file on the TFTP server.
  • 222 - a random number

 

Commands Explained

1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1
ccCopyProtocol: The file transfer protocol to use:

1 - tftp
2 - ftp
3 - rcp
4 - scp
5 - sftp

1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 1
ccCopySourceFileType: Specifies the type of file to copy from:

1 - networkFile
2 - iosFile
3 - startupConfig
4 - runningConfig
5 - terminal
6 - fabricStartupConfig
 
1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 4
ccCopyDestFileType: specifies the type of file to copy to:

1 - networkFile
2 - iosFile
3 - startupConfig
4 - runningConfig
5 - terminal
6 - fabricStartupConfig

1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a 192.168.1.252
ccCopyServerAddress: The IP address of the TFTP server to copy the configuration file from.

1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s config_dsw1.txt
ccCopyFileName: The file name (including the path) of the file.

1.3.6.1.4.1.9.9.96.1.1.1.1.14.222 i 1
ccCopyEntryRowStatus: The status of this table entry.
Once it is set to active, the associated entry cannot be modified until the request completes ('successful' or 'failed'). The object can be:

1 - active
2 - notInService
3 - notReady
4 - createAndGo
5 - createAndWait
6 - destroy
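
For reviewing what a logged series of snmpset commands against this table actually did, the tables above can be applied mechanically. The following is an added example, not part of the original post: the function and sample names are hypothetical, the row 111 sample lines are the download commands from this page, and the row 222 lines are a constructed sequence that stops before activation. It assumes one OID per command, the agent address directly before the OID, and values without spaces.

```shell
#!/bin/sh
# Added example: decode snmpset commands that write to ccCopyTable
# (the 1.3.6.1.4.1.9.9.96.1.1.1.1 columns explained above) into one summary
# line per row index, so a config export or import is easy to spot in a log.

CC_COPY_ENTRY='1.3.6.1.4.1.9.9.96.1.1.1.1'

decode_cc_copy() {
  awk -v base="$CC_COPY_ENTRY" '
    function lookup(tbl, x) {
      if (x == "") return "unset"
      return (x in tbl) ? tbl[x] : "unknown(" x ")"
    }
    BEGIN {
      split("tftp ftp rcp scp sftp", proto, " ")
      split("networkFile iosFile startupConfig runningConfig terminal fabricStartupConfig", ftype, " ")
      split("active notInService notReady createAndGo createAndWait destroy", rstat, " ")
    }
    {
      # Layout per command: ... <agent> <oid> <type> <value>
      for (i = 2; i <= NF - 2; i++) {
        oid = $i; sub(/^\./, "", oid)
        if (index(oid, base ".") != 1) continue
        if (split(substr(oid, length(base) + 2), p, ".") != 2) continue
        col = p[1]; row = p[2]
        if (!(row in agent)) order[++rows] = row
        agent[row] = $(i - 1)
        v[row, col] = $(i + 2)
      }
    }
    END {
      for (r = 1; r <= rows; r++) {
        row = order[r]
        src = lookup(ftype, v[row, 3]); dst = lookup(ftype, v[row, 4])
        kind = "other"
        if ((src == "runningConfig" || src == "startupConfig") && dst == "networkFile")
          kind = "config-export"
        else if (src == "networkFile" && (dst == "runningConfig" || dst == "startupConfig"))
          kind = "config-import"
        printf "row=%s agent=%s %s %s->%s proto=%s server=%s file=%s rowstatus=%s\n",
          row, agent[row], kind, src, dst, lookup(proto, v[row, 2]),
          (v[row, 5] == "" ? "unset" : v[row, 5]),
          (v[row, 6] == "" ? "unset" : v[row, 6]),
          lookup(rstat, v[row, 14])
      }
    }
  '
}

# Sample log: row 111 is the download sequence from this page; row 222 is
# constructed and never sets ccCopyEntryRowStatus, so it is reported as unset.
sample_log() {
  cat <<'EOF'
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a 192.168.1.252
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s config_dsw1.txt
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.2.222 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.3.222 i 1
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.4.222 i 4
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.5.222 a 192.168.1.252
snmpset -c san-fran -v 2c 192.168.1.23 1.3.6.1.4.1.9.9.96.1.1.1.1.6.222 s config_dsw1.txt
EOF
}

sample_log | decode_cc_copy
```

A row whose rowstatus is reported as unset was prepared but never activated, so no copy was started for it.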
 


Friday, October 5, 2012

Wifi on Linux via Command Line

Connect to a wireless network via command line


I know, the first thing you are asking is “Why would I want to have to connect to a wireless network from the command line?” To that question I can give you a simple answer: what if you want to create a script to run that will bring up your wireless network as soon as your desktop is loaded? You could get really complex and create a startup script to load a desktop based on what wireless access point you needed to join. That’s one of the beauties of Linux: if you can dream it, you can do it.
But I am getting too far ahead of myself. Let’s get back to the basics shall we? First I am going to assume that your wireless card was detected by your distribution and has the proper drivers loaded. With that accomplished you will need to have the following tools:
  • ifconfig: Enable your wireless device.
  • iwlist: List the available wireless access points.
  • iwconfig: Configure your wireless connection.
  • dhclient: Get your IP address via dhcp.
The first command you need to use is ifconfig. With this command you are going to enable your wireless device. Most likely your device will be called wlan0. So in order to enable this you would enter the command (as root):

ifconfig wlan0 up

You won’t see any feedback unless there is a problem.
The next step is to scan for your wireless network to make sure it is available. Do this with the following command:

iwlist wlan0 scan

With this command you will see output like the following:

Cell 01 - Address: 00:21:43:4E:9B:F0
ESSID:"HAIR STROBEL"
Mode:Master
Channel:5
Frequency:2.432 GHz (Channel 5)
Quality=100/100  Signal level:-45 dBm  Noise level=-95 dBm
Encryption key:on
IE: WPA Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s
6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Extra:tsf=000002f1d9be01b7

So you know this network is available. From the above output you can also see this network is employing WPA2, so you will need a passkey. If you don’t know that passkey, you are out of luck (which would be the case no matter if you were using a front end in Linux, Windows, or Mac.)

Now it’s time to configure your connection. To do this issue the command:

iwconfig wlan0 essid NETWORK_ID key WIRELESS_KEY

Where NETWORK_ID is the ESSID of the network with which you want to connect and WIRELESS_KEY is the security key needed to connect to the wireless access point.

Note: iwconfig defaults to using a HEX key. If you want to use an ascii key you will have to add the “s:” prefix to your key like so:

iwconfig wlan0 essid NETWORK_ID key s:WIRELESS_KEY

Now that you have your configuration set, it’s time to get an IP address with the help of dhclient. Issue the command:

dhclient wlan0

If no output is reported there are no errors. You should now be up and running.
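
The key given to iwconfig is a WEP key, so the scan output decides which tool can join a network: a cell that advertises a WPA or WPA2 information element needs wpa_supplicant instead. The following is an added example, not part of the original article, that classifies each cell of an iwlist scan; the function names are hypothetical, the first sample cell is the one shown above, and the other two cells are constructed.

```shell
#!/bin/sh
# Added example: read `iwlist <interface> scan` output on stdin and print,
# per cell, ESSID|security|tool needed to connect.
# Assumption: a cell with "Encryption key:on" and no WPA/WPA2 IE is WEP.

classify_scan() {
  awk '
    function emit() {
      if (!have) return
      sec = "open"
      if (enc) sec = "WEP"
      if (wpa) sec = "WPA"
      if (wpa2) sec = wpa ? "WPA+WPA2" : "WPA2"
      printf "%s|%s%s|%s\n", essid, sec, (tkip ? " (TKIP allowed)" : ""),
        ((wpa || wpa2) ? "wpa_supplicant" : "iwconfig")
    }
    /Cell [0-9]+ - Address:/ { emit(); have = 1; essid = ""; enc = 0; wpa = 0; wpa2 = 0; tkip = 0 }
    /ESSID:"/                { essid = $0; sub(/^.*ESSID:"/, "", essid); sub(/".*$/, "", essid) }
    /Encryption key:on/      { enc = 1 }
    /IE: WPA Version/        { wpa = 1 }
    /IE: IEEE 802\.11i\/WPA2/ { wpa2 = 1 }
    /Cipher.*TKIP/           { tkip = 1 }
    END { emit() }
  '
}

# Cell 01 is taken from the scan output above; cells 02 and 03 are constructed.
sample_scan() {
  cat <<'EOF'
Cell 01 - Address: 00:21:43:4E:9B:F0
ESSID:"HAIR STROBEL"
Encryption key:on
IE: WPA Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
Cell 02 - Address: 00:11:22:33:44:55
ESSID:"OLD-AP"
Encryption key:on
Cell 03 - Address: 00:11:22:33:44:66
ESSID:"GUEST"
Encryption key:off
EOF
}

sample_scan | classify_scan
```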


Make it a script

Of course, who wants to type out all of those commands? Instead of doing this you could create a script for this like so:

#! /bin/bash
ifconfig wlan0 up
iwconfig wlan0 essid NETWORK_ID key WIRELESS_KEY
dhclient wlan0

Where NETWORK_ID is the actual ESSID of the network and WIRELESS_KEY is the security key for that network. Save this script with the filename wireless_up.sh and then make this script executable with the command:

chmod u+x wireless_up.sh

You can make this a global command by placing this script in /usr/local/bin. You can now issue the command wireless_up.sh from anywhere in your directory structure and it will run, connecting you to the configured wireless access point.

If you frequent many wireless access points you can create a script for each one giving them each unique names. By doing this, when you need to connect to a specific access point, just run the script associated with that access point and you’re good to go.

Taken From: http://www.ghacks.net/2009/04/14/connect-to-a-wireless-network-via-command-line/

Wednesday, July 23, 2008

Configure a Linux DHCP Server

Configure a DHCP Server


Introduction

Normally if you have a cable modem or DSL, you get your home PC's IP address dynamically assigned from your service provider. If you install a home cable/DSL router between your modem and home network, your PC will most likely get its IP address at boot time from the home router instead. You can choose to disable the DHCP server feature on your home router and set up a Linux box as the DHCP server.

This chapter covers only the configuration of a DHCP server that provides IP addresses. The configuration of a Linux DHCP client that gets its IP address from a DHCP server is covered in Chapter 3, "Linux Networking".

Download and Install the DHCP Package

Most RedHat and Fedora Linux software products are available in the RPM format. Downloading and installing RPMs aren't hard. If you need a refresher, Chapter 6, "Installing Linux Software", covers how to do this in detail.

When searching for the file, remember that the DHCP server RPM's filename usually starts with the word dhcp followed by a version number like this: dhcp-3.0.1rc14-1.i386.rpm.

Debian Note: With Debian / Ubuntu the package name may include a version number. Use the dpkg --list | grep dhcp command to get a list of all your dhcp packages and use the output to infer what the DHCP server package name would be. In this case we can guess that the package name should be dhcp3-server. If you need a DEB package installation refresher you can take a look at Chapter 6, "Installing Linux Software".

root@u-bigboy:/tmp# dpkg --list | grep dhcp
ii dhcp3-client 3.0.3-6ubuntu7 DHCP Client
ii dhcp3-common 3.0.3-6ubuntu7 Files used by all the dhcp3* packages
root@u-bigboy:/tmp#

The /etc/dhcpd.conf File

When DHCP starts, it reads the file /etc/dhcpd.conf. It uses the commands here to configure your network. The standard DHCP RPM package doesn't automatically install a /etc/dhcpd.conf file, but you can find a sample copy of dhcpd.conf in the following directory which you can always use as a guide.

/usr/share/doc/dhcp-/dhcpd.conf.sample

You have to copy the sample dhcpd.conf file to the /etc directory and then you'll have to edit it. Here is the command to do the copying for the version 3.0pl1 RPM file:

[root@bigboy tmp]# cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample /etc/dhcpd.conf

Debian Note: With Debian / Ubuntu the configuration file name is /etc/dhcp*/dhcpd.conf and has the same syntax as that used by Redhat / Fedora.

Here is a quick explanation of the dhcpd.conf file: Most importantly, there must be a subnet section for each interface on your Linux box.



ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

# The range of IP addresses the server
# will issue to DHCP enabled PC clients
# booting up on the network

range 192.168.1.201 192.168.1.220;

# Set the amount of time in seconds that
# a client may keep the IP address

default-lease-time 86400;
max-lease-time 86400;

# Set the default gateway to be used by
# the PC clients

option routers 192.168.1.1;
# Don't forward DHCP requests from this
# NIC interface to any other NIC
# interfaces

option ip-forwarding off;

# Set the broadcast address and subnet mask
# to be used by the DHCP clients

option broadcast-address 192.168.1.255;
option subnet-mask 255.255.255.0;

# Set the DNS server to be used by the
# DHCP clients

option domain-name-servers 192.168.1.100;

# Set the NTP server to be used by the
# DHCP clients

option ntp-servers 192.168.1.100;

# If you specify a WINS server for your Windows clients,
# you need to include the following option in the dhcpd.conf file:

option netbios-name-servers 192.168.1.100;

# You can also assign specific IP addresses based on the clients'
# ethernet MAC address as follows (Host's name is "laser-printer"):

host laser-printer {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}
}
#
# List an unused interface here
#
subnet 192.168.2.0 netmask 255.255.255.0 {
}

There are many more options statements you can use to configure DHCP. These include telling the DHCP clients where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install:

[root@bigboy tmp]# man dhcp-options

Note: The host statement seen in the sample dhcpd.conf file can be very useful. Some devices such as network printers default to getting their IP addresses using DHCP, but users need to access them by a fixed IP address to print their documents. This statement can be used to always provide a specific IP address to DHCP queries from a predefined NIC MAC address. This can help to reduce systems administration overhead.
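
In the sample file the fixed address 192.168.1.222 sits outside the dynamic range 192.168.1.201 to 192.168.1.220, which is what keeps the server from also leasing it to another client. The following is an added example, not part of the original chapter, that checks a dhcpd.conf for that property and for ranges that fall outside their subnet; the function names are hypothetical, the sample config is constructed, and it assumes one statement per line with literal IPv4 addresses.

```shell
#!/bin/sh
# Added example: lint dhcpd.conf text on stdin. Prints one line per finding,
# nothing when the file is clean.

check_dhcpd_conf() {
  awk '
    function ip2n(ip,   o) {
      if (split(ip, o, ".") != 4) return -1
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    {
      sub(/#.*/, "")        # drop comments
      gsub(/[;{}]/, " ")    # drop punctuation so fields are bare tokens
    }
    $1 == "subnet" && $3 == "netmask" {
      # lo is the network address, hi the broadcast address
      net = $2; lo = ip2n($2); hi = lo + 4294967296 - ip2n($4) - 1
    }
    $1 == "range" {
      last = (NF >= 3) ? $3 : $2
      n++; rtxt[n] = $2 "-" last; rlo[n] = ip2n($2); rhi[n] = ip2n(last)
      if (rlo[n] > rhi[n]) print "range " rtxt[n] ": start is above end"
      if (net == "" || rlo[n] <= lo || rhi[n] >= hi)
        print "range " rtxt[n] ": not inside subnet " net
    }
    $1 == "host"                      { host = $2 }
    $1 == "fixed-address"             { s++; sname[s] = "host " host; sip[s] = $2 }
    $1 == "option" && $2 == "routers" { s++; sname[s] = "routers"; sip[s] = $3 }
    END {
      # Statically used addresses must not be inside any dynamic range
      for (i = 1; i <= s; i++)
        for (j = 1; j <= n; j++)
          if (ip2n(sip[i]) >= rlo[j] && ip2n(sip[i]) <= rhi[j])
            print sname[i] " " sip[i] ": inside dynamic range " rtxt[j]
    }
  '
}

# Constructed config with two mistakes: the printer address is inside the
# range, and the second subnet carries a range from the first one.
bad_conf() {
  cat <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.201 192.168.1.230;
option routers 192.168.1.1;
host laser-printer {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}
}
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.20;
}
EOF
}

bad_conf | check_dhcpd_conf
```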



How to Get DHCP Started

To get DHCP started:

1) Some older Fedora/RedHat versions of the DHCP server will fail unless there is an existing dhcpd.leases file. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file if it does not exist.

[root@bigboy tmp]# touch /var/lib/dhcp/dhcpd.leases

2) Use the chkconfig command to get DHCP configured to start at boot:

[root@bigboy tmp]# chkconfig dhcpd on

With Debian / Ubuntu the equivalent command for the dhcp3-server package would be:

root@u-bigboy:/tmp# sysv-rc-conf dhcp3-server on

3) Use the service command to instruct the /etc/init.d/dhcpd script to start/stop/restart DHCP after booting

[root@bigboy tmp]# service dhcpd start
[root@bigboy tmp]# service dhcpd stop
[root@bigboy tmp]# service dhcpd restart

With Debian / Ubuntu the equivalent commands would be:

root@u-bigboy:/tmp# /etc/init.d/dhcp*-server start
root@u-bigboy:/tmp# /etc/init.d/dhcp*-server stop
root@u-bigboy:/tmp# /etc/init.d/dhcp*-server restart

4) Remember to restart the DHCP process every time you make a change to the conf file for the changes to take effect on the running process. You also can test whether the DHCP process is running with the following command; you should get a response of plain old process ID numbers:

[root@bigboy tmp]# pgrep dhcpd

5) Finally, always remember to set your PC to get its IP address via DHCP.




DHCP Servers with Multiple NICs (Network Interfaces)

When a DHCP configured PC boots, it requests its IP address from the DHCP server. It does this by sending a standardized DHCP broadcast request packet to the DHCP server with a source IP address of 255.255.255.255.

If your DHCP server has more than one interface, you have to add a route for this 255.255.255.255 address so that it knows the interface on which to send the reply; if not, it sends it to the default gateway. (In both of the next two examples, we assume that DHCP requests will be coming in on interface eth0).

Note: More information on adding Linux routes and routing may be found in Chapter 3, "Linux Networking".

Note: You can't run your DHCP server on multiple interfaces because you can only have one route to network 255.255.255.255. If you try to do it, you'll discover that DHCP serving works on only one interface.



Temporary Solution

You can temporarily add a route to 255.255.255.255 using the route add command as seen below.

[root@bigboy tmp]# route add -host 255.255.255.255 dev eth0

If you want this routing state to be maintained after a reboot, then use the permanent solution that's discussed next.


Permanent Solution

The new Fedora Linux method of adding static routes doesn't seem to support sending traffic out an interface that's not destined for a specific gateway IP address. The DHCP packet destined for address 255.255.255.255 isn't intended to be relayed to a gateway, but it should be sent using the MAC address of the DHCP client in the Ethernet frame.

You have one of two choices. Add the route add command to your /etc/rc.local script, or add an entry like this to your /etc/sysconfig/static-routes file.

#
# File /etc/sysconfig/static-routes
#
eth0 host 255.255.255.255

Note: The /etc/sysconfig/static-routes file is a deprecated feature and Fedora support for it will eventually be removed.

Now that you have configured your server, it's time to take a look at the DHCP clients.



Configuring Linux Clients to Use DHCP

A Linux NIC interface can be configured to obtain its IP address using DHCP with the examples outlined in Chapter 3, "Linux Networking". Please refer to this chapter if you need a quick refresher on how to configure a Linux DHCP client.



Configuring Windows Clients to Use DHCP

Fortunately Windows defaults to using DHCP for all its NIC cards so you don't have to worry about doing any reconfiguration.

Using a Single DHCP Server to Serve Multiple Networks

As stated before, DHCP clients send their requests for IP addresses to a broadcast address which is limited to the local LAN. This would imply that a DHCP server is required on each subnet. Not so. It is possible to configure routers to forward DHCP requests to a DHCP server many hops away. This is done by inserting the IP address of the router's interface on the DHCP client's network into the forwarded packet. To the DHCP server, the non-blank router IP address field takes precedence over the broadcast address and it uses this value to provide a DHCP address that is meaningful to the client. The DHCP server replies with a broadcast packet, and the router, which has kept track of the initial forwarded request, forwards it back towards the client. You can configure this feature on Cisco devices by using the ip helper-address command on all the interfaces on which DHCP clients reside. Here is a configuration sample that points to a DHCP server with the IP address 192.168.36.25:

interface FastEthernet 2/1
ip address 192.168.1.30 255.255.255.0
ip helper-address 192.168.36.25



Simple DHCP Troubleshooting

The most common problems with DHCP usually aren't related to the server; after the server is configured correctly there is no need to change any settings and it therefore runs reliably. The problems usually occur at the DHCP client's end for a variety of reasons. The following sections present simple troubleshooting steps that you can go through to ensure that DHCP is working correctly on your network.



DHCP Clients Obtaining 169.254.0.0 Addresses

Whenever Microsoft DHCP clients are unable to contact their DHCP server they default to selecting their own IP address from the 169.254.0.0 network until the DHCP server becomes available again. This is frequently referred to as Automatic Private IP Addressing (APIPA). Here are some steps you can go through to resolve the problem:

* Ensure that your DHCP server is configured correctly and use the pgrep command discussed earlier to make sure the DHCP process is running. Pay special attention to your 255.255.255.255 route, especially if your DHCP server has multiple interfaces.
* Give your DHCP client a static IP address from the same range that the DHCP server is supposed to provide. See whether you can ping the DHCP server. If you cannot, double-check your cabling and your NIC cards.
* DHCP uses the BOOTP protocol for its communication between the client and server. Make sure there are no firewalls blocking this traffic. DHCP servers expect requests on UDP port 67 and the DHCP clients expect responses on UDP port 68.



Conclusion

In most home-based networks, a DHCP server isn't necessary because the DSL router / firewall usually has DHCP capabilities, but it is an interesting project to try. Just remember to make sure that the range of IP addresses issued by all DHCP servers on a network doesn't overlap because it could possibly cause unexpected errors. You might want to disable the router/firewall's DHCP server capabilities to experiment with your new Linux server.

A DHCP server may be invaluable in an office environment where the time and cost of getting a network engineer to get the work done may make it simpler for Linux systems administrators to do it by themselves.

Creating a Linux DHCP server is straightforward and touches all the major themes in the previous chapters. Now it's time to try something harder, but before we do, we'll do a quick refresher on how to create the Linux users who'll be using many of the applications outlined in the rest of the book.


Taken From: "http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server"

Monday, July 14, 2008

SugarCRM 5.0.0f on Ubuntu 8.04 (Hardy Heron)

SugarCRM HOWTO


# Install Apache With Its Documentation #####
$ sudo apt-get install apache2 apache2-doc

# Start Apache (it should already be started) #####
$ sudo /etc/init.d/apache2 start


# Test Apache #####

Type on Mozilla Firefox: http://127.0.0.1/
It should read: It works!

Note: The message "It works!" comes from the /var/www
directory, which is Apache's root directory and is where
we will install SugarCRM.



# Installing MySQL and the Necessary PHP Dependencies #####

$ sudo apt-get install mysql-server mysql-client
Type in MySQL's root password in the upcoming textbox.

$ sudo apt-get install libapache2-mod-php5 libapache2-mod-perl2

$ sudo apt-get install php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-imap php5-ldap

$ sudo apt-get install php5-mhash php5-mysql php5-odbc curl libwww-perl imagemagick



# Creating SugarCRM MySQL Database #####

$ mysql -u root -p

mysql> create database sugarcrm;

mysql> exit



# Extract SugarCRM #####

$ cd /home/jose/Desktop/SugarCRM

$ unzip SugarCE-5.0.0f.zip



# Installing SugarCRM in Apache #####

# Copy SugarCRM to /var/www (Apache root dir)
$ sudo cp -vr SugarCE-Full-5.0.0f /var/www



# Give Apache Ownership Over SugarCRM Files (apache-user: www-data) #####

$ sudo chown www-data -vR /var/www/SugarCE-Full-5.0.0f/*




# Write Permissions for Apache on Some of SugarCRM Files #####

$ cd /var/www/SugarCE-Full-5.0.0f

$ sudo chmod 766 config.php

$ sudo chmod 766 custom

$ sudo chmod -R 766 data

$ sudo chmod -R 766 cache

$ sudo chmod -R 766 modules



# Restart Apache #####

$ sudo /etc/init.d/apache2 restart



# Delete Apache's Test Page #####

$ sudo rm -rf /var/www/index.html



# Configuring php.ini #####

sudo gedit /etc/php5/apache2/php.ini


;memory_limit = 16M
memory_limit = 50M

;upload_max_filesize = 2M
upload_max_filesize = 10M



# Configuring SugarCRM #####

Type on Mozilla Firefox:
http://127.0.0.1/SugarCE-Full-5.0.0f/install.php
and configure SugarCRM according to the presented instructions.
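
Mode 766 in the write-permissions step above makes config.php and the custom, data, cache and modules trees writable by every local account, while the chown step has already made www-data their owner. The following is an added example, not part of the original howto, that lists world-writable paths and applies owner-only write access instead; the function names are hypothetical and it assumes Apache runs as the owner of the files.

```shell
#!/bin/sh
# Added example: audit and tighten the paths that the howto sets to 766.

# world_writable DIR: print every path under DIR that any local user can modify
world_writable() {
  find "$1" ! -type l -perm -0002 -print
}

# tighten_sugar_perms DIR: the owner keeps write access, group and others
# lose it, and directories stay traversable (755 for dirs, 644 for files)
tighten_sugar_perms() {
  root=$1
  for p in config.php custom data cache modules; do
    [ -e "$root/$p" ] || continue
    find "$root/$p" -type d -exec chmod 755 {} +
    find "$root/$p" -type f -exec chmod 644 {} +
  done
}

# demo_perms: build a constructed miniature SugarCRM tree in a temp dir, apply
# the howto's chmod 766 steps, and print "<world-writable before> <after>"
demo_perms() {
  d=$(mktemp -d)
  mkdir -p "$d/custom" "$d/data/upload" "$d/cache" "$d/modules/Accounts"
  : > "$d/config.php"
  : > "$d/data/upload/a.txt"
  : > "$d/modules/Accounts/b.php"
  chmod 766 "$d/config.php" "$d/custom"
  chmod -R 766 "$d/data" "$d/cache" "$d/modules"
  before=$(world_writable "$d" | wc -l | tr -d ' ')
  tighten_sugar_perms "$d"
  after=$(world_writable "$d" | wc -l | tr -d ' ')
  rm -rf "$d"
  echo "$before $after"
}

demo_perms
```

On a real install, run world_writable /var/www/SugarCE-Full-5.0.0f first to see what the 766 steps left exposed.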

Wednesday, June 27, 2007

Nessus Installation and Configuration

Nessus is a vulnerability scanner composed of two parts, the server and the client frontend.
The first step is to install the server and the client with the following commands:


# apt-get install nessusd

# apt-get install nessus


Now you need to add a user to Nessus, or else the client won't connect to the server, even if you try your login and password for the machine where the server is installed.


# sudo nessus-adduser

Password:
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------

Login : my_login
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that my_login has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax

Login : my_login
Password : ***********
DN :
Rules :

Is that ok ? (y/n) [y] y
user added.



At the "Authentication (pass/cert) [pass] :" prompt, just press Enter.
Now you just need to start the Nessus server with the following command:


# /etc/init.d/nessusd start


And start the client with:


# nessus


Enter the login and password you added before, select the plugins you want to use in the vulnerability scan, enter the target of the scan and press "Start the scan".