Auto-exploitation with db_autopwn
In the previous section, we saw how the Metasploit Framework helps us import scans from various other tools such as Nmap and Nessus. Once we have imported the scan results into the database, the next logical step is to find exploits matching the vulnerabilities/ports from the imported scan. We can certainly do this manually; for instance, if our target is Windows XP and it has TCP port 445 open, then we can try out the MS08-067 netapi vulnerability against it.
The Metasploit Framework offers a script called db_autopwn, which automates the exploit matching process, executes the appropriate exploit if a match is found, and gives us a remote shell. However, before you try this script, a few things need to be considered.
The db_autopwn script is officially deprecated from the Metasploit Framework. You would need to explicitly download and add it to your Metasploit instance. This is a very resource-intensive script since...