Ethical Hacking and Penetration Testing Guide

Remote Exploitation
◾ 
183
Storing Information from Nmap into Metasploit Database
Let’s take a brief look at how we can store the nmap scans results into the Metasploit database. 
There is a hard way and an easy way of doing this; let’s look at the hard way first:
Step 1
—We know that nmap scans can be saved in multiple output formats. We now need to 
save our nmap scan in an xml format by specifying the –oX argument followed by the file 
name.
Example
msf> nmap –oX output.xml.
Next, we would import the XML file to our Metasploit database by specifying the following com-
mand within the Metasploit console:
msf> db_import
db_nmap Command
Let’s try the easy way now. All you need to do now is to use the 
db _ nmap
command instead 
of simply using “nmap” and the scan results would be automatically saved inside the metasploit 
database.
Once the scan is complete, we can use the 
db _ hosts
command to load up all the informa-
tion that was automatically stored in the Metasploit database as a result of our scan. In this case, 
I performed both OS detection and version detection via 
nmap
and, therefore, the 
os _ name
, 
os _ flavor
are displayed in the output.

184
◾ 
Ethical Hacking and Penetration Testing Guide
Useful Scans with Metasploit
In the “Vulnerability Assessment” chapter (Chapter 5), we discussed how to integrate Nessus 
within Metasploit. However, Metasploit has its own built-in scanners that can be very helpful in 
our engagements; we have already discussed some of them. Let’s take a look at some others.
Port Scanners
Metasploit has a couple of useful port scanners; to view a full list of scanners, we can just type 
“search portscan” from our Metasploit console, and it will display the list.
Now, if you had read the “Port Scanning” chapter (Chapter 4) carefully, you will already be 
familiar with all of these scans.

Yüklə 22,44 Mb.

Dostları ilə paylaş: