Analyzing the stored results of the database
After storing the testing results in the database, the next step is to analyze it. Analyzing the data will give us a deeper understanding of our target systems. The results of the database can be kept either for a long time or for a short time storage depending upon the usage.
Getting ready
Launch msfconsole
and follow the steps mentioned in the previous recipe to establish the database connectivity. We can either use it to store fresh results or analyze the previously stored results as well. The XML file for the Nmap scan created in the previous recipe can be imported to analyze the previous scan results.
How to do it...
Let us analyze some of the important commands to have a clearer understanding of the stored results:
msf > hosts:
This command will show all the hosts that are available in the database. Let us analyze the output of this command:The preceding screenshot snapshot reflects the output of the hosts command. As we can observe, the result of this command is not very clean, as there are lots of columns in the table. So we can move ahead and add filters and view only those columns which we are interested in, as illustrated by the following command :
msf > hosts -c address,os_name Hosts ===== address os_name ------- ------ 192.168.56.1 192.168.56.101 192.168.56.102 Microsoft Windows 192.168.56.103 Linux
msf > services:
This is another interesting command that can give us useful information about the different services running on the target machines:msf > services Services ======== host port proto name state info ---- ---- ----- ---- ----- ---- 192.168.56.101 111 tcp rpcbind open 192.168.56.102 135 tcp msrpc open 192.168.56.102 139 tcp netbios-ssn open 192.168.56.102 445 tcp microsoft-ds open 192.168.56.102 135 tcp msrpc open Microsoft Windows RPC
msf > vulns:
This command lists all the vulnerabilities that exist in the hosts present in the database.msf > db_autopwn:
This is a powerful command that is used to automate the process of exploiting the target machines that are available in the database. This command requires more understanding about the exploitation process so we will analyze this command later.
How it works...
The analysis process is simple and can be easily filtered to get the desired results. We have seen how to read the database output and how we can manage it efficiently. The last two commands, vulns
and db_autopwn
are post-exploitation commands, which we will deal with in later chapters.