Chapter 4
open a summary page of the scan that shows the severity levels of the vulnerabilities found, as shown in Figure 4-17.
Figure 4-17: Our Nessus scan report summary
NOTE
Bear in mind that because this scan was run with Windows credentials, Nessus will
find many more vulnerabilities than it would with an anonymous scan.
Importing Results into the Metasploit Framework
Now let’s import our results into the Framework.
1. Click the Download Report button on the Reports tab to save the results to your hard drive. The default file format for Nessus reports, .nessus, can be parsed by Metasploit, so click Submit when prompted to select the default format.
2. Load msfconsole, create a new database with db_connect, and import the Nessus results file by entering db_import followed by the report filename.

    msf > db_connect postgres:toor@127.0.0.1/msf3
    msf > db_import /tmp/nessus_report_Host_195.nessus
    [*] Importing 'Nessus XML (v2)' data
    [*] Importing host 192.168.1.195
3. To verify that the scanned host and vulnerability data was imported properly, enter db_hosts as shown next. This should output a brief listing with the target IP address, the number of services detected, and the number of vulnerabilities found by Nessus.

    msf > db_hosts -c address,svcs,vulns

    Hosts
    =====

    address        svcs  vulns
    -------        ----  -----
    192.168.1.195  18    345
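To cross-check the db_hosts figures against the report file itself, the .nessus file can be summarized outside the Framework. The following is an added example, not code from the book or from Metasploit: it parses a Nessus XML (v2) report and tallies services and findings per host. The counting rule (each unique protocol/port pair is a service, each ReportItem is a finding) and the embedded sample report are assumptions made for illustration, so totals may differ from what Metasploit's own importer records.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the Nessus XML (v2) layout; not output from a real scan.
SAMPLE = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="constructed-sample">
  <ReportHost name="192.168.1.195">
   <HostProperties><tag name="host-ip">192.168.1.195</tag></HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="100001" pluginName="Constructed high finding"/>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="100002" pluginName="Constructed info finding"/>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2" pluginID="100003" pluginName="Constructed medium finding"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="100004" pluginName="Constructed host-level note"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def summarize(xml_text):
    """Return {address: {"svcs": int, "vulns": int, "by_severity": Counter}}."""
    # A v2 report needs no DTD; refusing one avoids entity-expansion tricks
    # in report files that come from an untrusted source.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a Nessus XML (v2) report")
    hosts = {}
    for host in root.iter("ReportHost"):
        addr = host.get("name")
        for tag in host.iter("tag"):
            if tag.get("name") == "host-ip":  # prefer the recorded IP over the label
                addr = tag.text
        services, sev = set(), Counter()
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port:  # port 0 carries host-level findings, not a service
                services.add((item.get("protocol"), port))
            sev[SEVERITY.get(int(item.get("severity", "0")), "unknown")] += 1
        hosts[addr] = {"svcs": len(services), "vulns": sum(sev.values()),
                       "by_severity": sev}
    return hosts

if __name__ == "__main__":
    for addr, s in summarize(SAMPLE).items():
        print(addr, s["svcs"], s["vulns"], dict(s["by_severity"]))
```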