Metasploit Penetration Testing Cookbook
上QQ阅读APP看书,第一时间看更新

Using the database to store penetration testing results

Let us now learn how we can use our configured database to store our results of the penetration tests.

Getting ready

If you have successfully executed the previous recipe, you are all set to use the database for storing the results. Enter the help command in msfconsole to have a quick look at the important database commands available to us.

How to do it...

Let us start with a quick example. The db_nmap command stores the results of the port scan directly into the database, along with all relevant information. Launch a simple Nmap scan on the target machine to see how it works:

msf > db_nmap 192.168.56.102 [*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-04 20:03 IST [*] Nmap: Nmap scan report for 192.168.56.102 [*] Nmap: Host is up (0.0012s latency) [*] Nmap: Not shown: 997 closed ports [*] Nmap: PORT STATE SERVICE [*] Nmap: 135/tcp open msrpc [*] Nmap: 139/tcp open netbios-ssn [*] Nmap: 445/tcp open microsoft-ds [*] Nmap: MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems) [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds

As we can see, Nmap has produced the scan results and it will automatically populate the msf3 database that we are using.

We can also use the -oX parameter in the Nmap scan to store the result in XML format. This will be very beneficial for us to import the scan results in other third-party software, such as the Dardis framework which we will be analyzing in our next chapter.

msf > nmap 192.168.56.102 -A -oX report [*] exec: nmap 192.168.56.102 -A -oX report Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-05 11:57 IST Nmap scan report for 192.168.56.102 Host is up (0.0032s latency) Not shown: 997 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds

Here report is the name of the file where our scanned result will be stored. This will be helpful for us in later recipes of the book.

How it works...

The db_nmap command creates an SQL query with various table columns relevant to the scan results. Once the scan is complete, it starts storing the values into the database. The flexibility to store results in the form of spreadsheets makes it easier to share the results locally or with third-party tools.