Packt+ | Advance your knowledge in tech

You're reading from Metasploit Penetration Testing Cookbook Over 70 recipes to master the most widely used penetration testing framework with this book and ebook.

Product type Paperback

Published in Jun 2012

Publisher Packt

ISBN-13 9781849517423

Length 268 pages

Edition 1st Edition

Tools

Metasploit

Concepts

Penetration Testing

Author (1):

Abhinav Singh

View More author details

Table of Contents (17) Chapters

Metasploit Penetration Testing Cookbook

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

1. Metasploit Quick Tips for Security Professionals

2. Information Gathering and Scanning FREE CHAPTER

3. Operating System-based Vulnerability Assessment and Exploitation

4. Client-side Exploitation and Antivirus Bypass

5. Using Meterpreter to Explore the Compromised Target

6. Advanced Meterpreter Scripting

7. Working with Modules for Penetration Testing

8. Working with Exploits

9. Working with Armitage

10. Social Engineer Toolkit

Index

Using the database to store penetration testing results

Let us now learn how we can use our configured database to store our results of the penetration tests.

Getting ready

If you have successfully executed the previous recipe, you are all set to use the database for storing the results. Enter the help command in msfconsole to have a quick look at the important database commands available to us.

How to do it...

Let us start with a quick example. The db_nmap command stores the results of the port scan directly into the database, along with all relevant information. Launch a simple Nmap scan on the target machine to see how it works:

msf > db_nmap 192.168.56.102
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-04 20:03 IST
[*] Nmap: Nmap scan report for 192.168.56.102
[*] Nmap: Host is up (0.0012s latency)
[*] Nmap: Not shown: 997 closed ports
[*] Nmap: PORT  STATE SERVICE
[*] Nmap: 135/tcp open  msrpc
[*] Nmap: 139/tcp open  netbios-ssn
[*] Nmap: 445/tcp open  microsoft-ds
[*] Nmap: MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds

As we can see, Nmap has produced the scan results and it will automatically populate the msf3 database that we are using.

We can also use the –oX parameter in the Nmap scan to store the result in XML format. This will be very beneficial for us to import the scan results in other third-party software, such as the Dardis framework which we will be analyzing in our next chapter.

msf > nmap 192.168.56.102 –A -oX report
[*] exec: nmap 192.168.56.102 –A -oX report
Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-05 11:57 IST
Nmap scan report for 192.168.56.102
Host is up (0.0032s latency)
Not shown: 997 closed ports
PORT	STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems)
Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds

Here report is the name of the file where our scanned result will be stored. This will be helpful for us in later recipes of the book.

How it works...

The db_nmap command creates an SQL query with various table columns relevant to the scan results. Once the scan is complete, it starts storing the values into the database. The flexibility to store results in the form of spreadsheets makes it easier to share the results locally or with third-party tools.

The rest of the chapter is locked