Chapter 4

open a summary page of the scan that shows the severity levels of the vulnerabilities found, as shown in Figure 4-17.

Figure 4-17: Our Nessus scan report summary

NOTE

Bear in mind that because this scan was run with Windows credentials, Nessus will 
find many more vulnerabilities than it would with an anonymous scan.

Importing Results into the Metasploit Framework

Now let’s import our results into the Framework.

1. Click the Download Report button on the Reports tab to save the results to your hard drive. The default file format for Nessus reports, .nessus, can be parsed by Metasploit, so click Submit when prompted to select the default format.

2. Load msfconsole, create a new database with db_connect, and import the Nessus results file by entering db_import followed by the report filename.

msf > db_connect postgres:toor@127.0.0.1/msf3
msf > db_import /tmp/nessus_report_Host_195.nessus
[*] Importing 'Nessus XML (v2)' data
[*] Importing host 192.168.1.195

3. To verify that the scanned host and vulnerability data was imported properly, enter db_hosts as shown next. This should output a brief listing with the target IP address, the number of services detected, and the number of vulnerabilities found by Nessus.

msf > db_hosts -c address,svcs,vulns

Hosts
=====
address        svcs  vulns
-------        ----  -----
192.168.1.195  18    345
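
To cross-check a .nessus file against the db_hosts listing, the following added example (not from the book or from Metasploit) reads the Nessus XML (v2) layout directly and reports per-host service and finding counts with a severity breakdown. The sample report, plugin IDs and plugin names are constructed placeholders, and the counting rules are assumptions, so the numbers may differ from what Metasploit records on import.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample in Nessus XML (v2) layout; plugin IDs and names are placeholders.
SAMPLE = b"""<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="192.168.1.195">
      <HostProperties><tag name="host-ip">192.168.1.195</tag></HostProperties>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900001" pluginName="Placeholder scan info"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="900002" pluginName="Placeholder service detection"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900003" pluginName="Placeholder high finding"/>
      <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2" pluginID="900004" pluginName="Placeholder medium finding"/>
      <ReportItem port="137" svc_name="netbios-ns" protocol="udp" severity="1" pluginID="900005" pluginName="Placeholder low finding"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def summarize_nessus(data):
    """Return one summary dict per ReportHost in a Nessus v2 report."""
    # A report file is untrusted input: refuse DTDs/entities before parsing.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD or entity declaration in report, refusing to parse")
    root = ET.fromstring(data)
    if root.tag != "NessusClientData_v2":
        raise ValueError(f"not a Nessus XML (v2) report: root is <{root.tag}>")
    hosts = []
    for host in root.iter("ReportHost"):
        ip = host.findtext("HostProperties/tag[@name='host-ip']", host.get("name"))
        services, severities = set(), Counter()
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port:  # assumption: port 0 carries host-level items, not a service
                services.add((port, item.get("protocol")))
            sev = int(item.get("severity", "0"))
            severities[SEVERITY.get(sev, "unknown")] += 1
        findings = sum(n for name, n in severities.items() if name != "info")
        hosts.append({"address": ip, "svcs": len(services), "items": sum(severities.values()),
                      "findings": findings, "by_severity": dict(severities)})
    return hosts


if __name__ == "__main__":
    for h in summarize_nessus(SAMPLE):
        print(h["address"], h["svcs"], h["items"], h["findings"], h["by_severity"])
```
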