Remote Exploitation ◾ 183
Storing Information from Nmap into Metasploit Database
Let’s take a brief look at how we can store nmap scan results in the Metasploit database. There is a hard way and an easy way of doing this; let’s look at the hard way first:
Step 1: We know that nmap scans can be saved in multiple output formats. We now need to save our nmap scan in XML format by specifying the -oX argument followed by the file name.
Example
msf> nmap -oX output.xml
Next, we would import the XML file to our Metasploit database by specifying the following command within the Metasploit console:
msf> db_import
db_nmap Command
Let’s try the easy way now. All you need to do is use the db_nmap command instead of simply using “nmap”, and the scan results are automatically saved inside the Metasploit database.
Once the scan is complete, we can use the db_hosts command to load up all the information that was automatically stored in the Metasploit database as a result of our scan. In this case, I performed both OS detection and version detection via nmap and, therefore, os_name and os_flavor are displayed in the output.
184 ◾ Ethical Hacking and Penetration Testing Guide
Useful Scans with Metasploit
In the “Vulnerability Assessment” chapter (Chapter 5), we discussed how to integrate Nessus within Metasploit. However, Metasploit has its own built-in scanners that can be very helpful in our engagements; we have already discussed some of them. Let’s take a look at some others.
Port Scanners
Metasploit has a couple of useful port scanners; to view a full list of scanners, we can just type “search portscan” from our Metasploit console, and it will display the list.
Now, if you have read the “Port Scanning” chapter (Chapter 4) carefully, you will already be familiar with all of these scans.