background image

Intelligence Gathering

21

msf > 

db_status

[*] postgresql connected to msfbook

Everything seems to be set up just fine.

Importing Nmap Results into Metasploit

When you are working with other team members, with various individuals 
scanning at different times and from different locations, it helps to know 
how to run 

nmap

 on its own and then import its results into the Framework. 

Next, we’ll examine how to import a basic 

nmap

-generated XML export file 

(generated with 

nmap

’s 

-oX

 option) into the Framework.

First, we scan the Windows virtual machine using the 

-oX

 option to gener-

ate a 

Subnet1.xml

 file:

nmap -Pn -sS -A -oX Subnet1 192.168.1.0/24

After generating the XML file, we use the 

db_import

 command to import 

it into our database. We can then verify that the import worked by using the 

db_hosts

 command, which lists the systems entries that have been created, as 

shown here:

msf > 

db_connect postgres:toor@127.0.0.1/msf3

msf > 

db_import Subnet1.xml

msf > 

db_hosts -c address

Hosts
=====

address       

-------       

192.168.1.1   
192.168.1.10  
192.168.1.101 
192.168.1.102 
192.168.1.109 
192.168.1.116 
192.168.1.142 
192.168.1.152 
192.168.1.154 
192.168.1.171 
192.168.1.155 
192.168.1.174 
192.168.1.180 
192.168.1.181 
192.168.1.2   
192.168.1.99  

msf >