Now, we are going to log in using the username and password that we set when we installed the tool. As we can see in the following screenshot, we have a web interface for using the tool:

Now, we can access the account and go to our user settings or log out. We can also check for software updates.

The first time we log in, it will ask us to enter the activation key. The activation key will be sent as an email to the email address that we put when we downloaded the tool. Make sure you put a valid email address when you download the tool.

We're going to start a scan, and we are going to click on Project | New Project. We are going to call this project metasploitable, we are going to leave the Description empty, and then it's asking us for a Network range. We can set that the same way we did with Zenmap. We can set it to a range. It actually has a range that is within our subnet at the moment. It's 10.0.2.1 up to 254. We can scan the whole network for vulnerabilities and exploits but for now, we're not going to do that; we're only going to target 10.0.2.4, which is the Metasploitable machine.

Now, we are going to click on Create Project. The following screenshot shows all the parameters we discussed:

Now, the project has been created and we're going to start a scan on it. We are going to go on the Scan button on the left side of the screen and click that. We can just launch the scan like this, or we can go on Show Advanced Options to set some advanced options. If we have a range, we can use the exclude address to exclude some IPs. For example, if we were targeting the whole network from 1 to 254, we can exclude our computer by just typing 10.0.2.15, which is our IP, to exclude it from the search. You can also put a custom Nmap argument because Metasploit will actually use Nmap to get the services and the installed applications. We can add additional TCP ports or take away TCP ports. Again, we can do the same. We can even set the speed. We also have the UDP service discovery. It actually discovers the service that's installed on the port. We can also set credentials. If the target computer uses some sort of authentication then we can set it up, but our target doesn't use any of that, so we're fine. We can also set a tag for the target computer, or for the target scan. Now, we are not going to mess with these settings. Keep everything the same to keep it simple, and we are going to launch the scan. Give it some time to do the scan, and once this is over we'll see how we can analyze and discover, and see what we can do with the discovered information.