Chapter 4
4. In the Select Devices dialog, select the targets to include in your report and then click Save.
5. Back in the Report Configuration wizard, click Save to accept the remaining defaults for the report. The Reports tab should now list the newly created report, as shown in Figure 4-10. (Be sure to save the report file so that you can use it with the Framework.)
Figure 4-10: The Reports tab lists your reports.
Importing Your Report into the Metasploit Framework
Having completed a full vulnerability scan with NeXpose, you need to import the results into Metasploit. But before you do, you must create a new database from msfconsole by issuing db_connect. After creating that database you’ll import the NeXpose XML using the db_import command. Metasploit will automatically detect that the file is from NeXpose and import the scanned host. You can then verify that the import was successful by running the db_hosts command. (These steps are shown in the following listing.) As you can see, Metasploit knows about the 268 vulnerabilities that your scan picked up.
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > db_import /tmp/host_195.xml
[*] Importing 'NeXpose Simple XML' data
[*] Importing host 192.168.1.195
[*] Successfully imported /tmp/host_195.xml
msf > db_hosts -c address,svcs,vulns

Hosts
=====

address        Svcs  Vulns  Workspace
-------        ----  -----  ---------
192.168.1.195  8     268    default
To display the full details of the vulnerabilities imported into Metasploit,
including Common Vulnerabilities and Exposures (CVE) numbers and other
references, run the following:
msf > db_vulns
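The following Python cross-check is an added example, not code from the book or from Metasploit: it tallies services, confirmed findings and CVE references per host straight from a report file, so the totals can be compared with what db_hosts and db_vulns show after the import. The element and attribute names, the VE/VV result codes, and the sample report are assumptions about the NeXpose Simple XML layout, constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample report. Element and attribute names are an assumption
# about the NeXpose Simple XML layout; addresses and CVE ids are placeholders.
SAMPLE_REPORT = """<NeXposeSimpleXML version="1.0">
  <devices>
    <device address="192.0.2.10">
      <vulnerabilities>
        <vulnerability id="sample-os-check" resultCode="VE">
          <id type="cve">CVE-0000-0001</id>
        </vulnerability>
        <vulnerability id="sample-not-vulnerable" resultCode="NV"/>
      </vulnerabilities>
      <services>
        <service name="HTTP" port="80" protocol="tcp">
          <vulnerabilities>
            <vulnerability id="sample-http-check" resultCode="VV">
              <id type="cve">CVE-0000-0002</id>
            </vulnerability>
          </vulnerabilities>
        </service>
        <service name="SSH" port="22" protocol="tcp"/>
      </services>
    </device>
  </devices>
</NeXposeSimpleXML>"""

# Assumed result codes that mark a confirmed finding (anything else is skipped).
VULNERABLE_CODES = {"VE", "VV"}

def summarize_report(xml_text):
    """Return {address: {"svcs": int, "vulns": int, "cves": [str, ...]}}."""
    root = ET.fromstring(xml_text)
    summary = {}
    for device in root.iter("device"):
        entry = summary.setdefault(
            device.get("address"), {"svcs": 0, "vulns": 0, "cves": set()})
        entry["svcs"] += len(device.findall("services/service"))
        for vuln in device.iter("vulnerability"):  # device- and service-level
            if vuln.get("resultCode") in VULNERABLE_CODES:
                entry["vulns"] += 1
                cves = {r.text for r in vuln.findall("id[@type='cve']") if r.text}
                entry["cves"] |= cves
    for entry in summary.values():
        entry["cves"] = sorted(entry["cves"])
    return summary

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```

A mismatch between these totals and the db_hosts row is a cue to re-check the export template or the import log before relying on the database contents.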
As you can see, running an overt vulnerability scan with full credentials
can provide an amazing amount of information—268 vulnerabilities found