Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Metasploit Penetration Testing Cookbook

You're reading from   Metasploit Penetration Testing Cookbook Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing framework

Arrow left icon
Product type Paperback
Published in Feb 2018
Publisher
ISBN-13 9781788623179
Length 426 pages
Edition 3rd Edition
Languages
Arrow right icon
Authors (4):
Arrow left icon
Monika Agarwal Monika Agarwal
Author Profile Icon Monika Agarwal
Monika Agarwal
Abhinav Singh Abhinav Singh
Author Profile Icon Abhinav Singh
Abhinav Singh
Nipun Jaswal Nipun Jaswal
Author Profile Icon Nipun Jaswal
Nipun Jaswal
Daniel Teixeira Daniel Teixeira
Author Profile Icon Daniel Teixeira
Daniel Teixeira
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Metasploit Quick Tips for Security Professionals FREE CHAPTER 2. Information Gathering and Scanning 3. Server-Side Exploitation 4. Meterpreter 5. Post-Exploitation 6. Using MSFvenom 7. Client-Side Exploitation and Antivirus Bypass 8. Social-Engineer Toolkit 9. Working with Modules for Penetration Testing 10. Exploring Exploits 11. Wireless Network Penetration Testing 12. Cloud Penetration Testing 13. Best Practices 14. Other Books You May Enjoy

Using the database

Once the database is configured, we can start using it. First, we will take a look at how to import data from external tools using the db_import command.

Getting ready

To view how to use the command and list the currently supported file types in msfconsole, run the db_import command:

msf > db_import 
Usage: db_import <filename> [file2...]
​
Filenames can be globs like *.xml, or **/*.xml which will search recursively
Currently supported file types include:
Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
Burp Issue XML

...

Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

How to do it...

  1. To test the db_import command, we will use the nmap command, a free security scanner, port scanner, and network exploration tool, with the -oX option to save the result to an XML file. Here is the syntax used to scan the Metasploitable 3 target machine:
nmap -Pn -A -oX report 192.168.216.10
  1. To import the scan report, you can use the db_import command followed by the path to the report you want to import:
msf > db_import /root/report
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.8.0'</strong>
[*] Importing host 192.168.216.10
[*] Successfully imported /root/report

Alternatively, you can run the db_nmap command directly from msfconsole, and the results will be saved in your current database. The db_nmap command works the same way as the regular nmap command:

msf > db_nmap -Pn -A 192.168.216.129
[*] Nmap: Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-17 05:05 EDT
[*] Nmap: Nmap scan report for 192.168.216.129
[*] Nmap: Host is up (0.00092s latency).
[*] Nmap: Not shown: 977 closed ports
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 21/tcp open ftp vsftpd 2.3.4
[*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
[*] Nmap: | ftp-syst:
[*] Nmap: | STAT:

...

[*] Nmap: |_ System time: 2017-10-04T09:11:38-04:00
[*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
[*] Nmap: TRACEROUTE
[*] Nmap: HOP RTT ADDRESS
[*] Nmap: 1 0.92 ms 192.168.216.129
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 31.88 seconds
You have been reading a chapter from
Metasploit Penetration Testing Cookbook - Third Edition
Published in: Feb 2018
Publisher:
ISBN-13: 9781788623179
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime