Importing Nmap Scan Results into MSF
In the previous exercise we saw how to import the results of a Nessus scan; now we will do the same with the Nmap scanner. We do this so that the stored data can be accessed faster and more conveniently.
First, open the Metasploit console. Then create a new database, remembering to delete the previous one first, like this:
shell@ShellRoot:~/msf3$ ./msfconsole
=[ metasploit v3.3.3-release [core:3.3 api:1.0]
+ -- --=[ 481 exploits - 220 auxiliary
+ -- --=[ 192 payloads - 22 encoders - 8 nops
msf > db_destroy
[*] Deleting /home/shell/.msf3/sqlite3.db...
msf > db_create
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: /home/shell/.msf3/sqlite3.db
msf >
Now let's scan some IPs with Nmap and save the results to an XML file, which we will later read from Metasploit. We will name the file Prueba1 (the -oA option writes Prueba1.nmap, Prueba1.gnmap and Prueba1.xml).
msf > nmap -v -sV -oA /home/shell/Prueba1
[*] exec: nmap -v -sV -oA /home/shell/Prueba1
Starting Nmap 4.62 ( ) at 2010-01-02 16:06 COT
Initiating Ping Scan at 16:06
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 16:06, 1.03s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 16:06
Completed Parallel DNS resolution of 256 hosts. at 16:06, 13.01s elapsed
Initiating Connect Scan at 16:06
Scanning 3 hosts [1715 ports/host]
Discovered open port 80/tcp on
Completed Connect Scan against in 1.48s (2 hosts left)
Completed Connect Scan against in 1.48s (1 host left)
Completed Connect Scan at 16:06, 1.48s elapsed (5145 total ports)
Initiating Service scan at 16:06
Scanning 1 service on 3 hosts
Completed Service scan at 16:06, 5.00s elapsed (1 service on 3 hosts)
SCRIPT ENGINE: Initiating script scanning.
Initiating SCRIPT ENGINE at 16:06
Completed SCRIPT ENGINE at 16:06, 0.01s elapsed
Host appears to be up ... good.
Interesting ports on
Not shown: 1714 closed ports
80/tcp open tcpwrapped
Host appears to be up ... good.
All 1715 scanned ports on are closed
Host appears to be up ... good.
All 1715 scanned ports on are closed
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at .
Nmap done: 256 IP addresses (3 hosts up) scanned in 20.856 seconds
msf >
Next, let's see which options are available, using the help command... xD
msf > help
Database Backend Commands
Command Description
------- -----------
db_add_host Add one or more hosts to the database
db_add_note Add a note to host
db_add_port Add a port to host
db_autopwn Automatically exploit everything
db_connect Connect to an existing database
db_create Create a brand new database
db_del_host Delete one or more hosts from the database
db_del_port Delete one port from the database
db_destroy Drop an existing database
db_disconnect Disconnect from the current database instance
db_driver Specify a database driver
db_hosts List all hosts in the database
db_import_amap_mlog Import a THC-Amap scan results file (-o -m)
db_import_nessus_nbe Import a Nessus scan result file (NBE)
db_import_nessus_xml Import a Nessus scan result file (NESSUS)
db_import_nmap_xml Import a Nmap scan results file (-oX)
db_nmap Executes nmap and records the output automatically
db_notes List all notes in the database
db_services List all services in the database
db_vulns List all vulnerabilities in the database
db_workspace Switch between database workspaces
msf >
Obviously we use the db_import_nmap_xml command, which imports the XML file we just created with Nmap.
msf > db_import_nmap_xml /home/shell/Prueba1.xml
msf >
Now recall the commands we used in the example of importing Nessus scan results.
Let's look at the hosts we scanned.
msf > db_hosts
address address6 arch comm created info mac name os_flavor os_lang os_name os_sp state Svcs Vulns Workspace
------- -------- ---- ---- ------- ---- --- ---- --------- ------- ------- ----- ----- ---- ----- ---------
Sat Jan 02 16:10:47 -0500 2010 alive 1 0 default
Sat Jan 02 16:10:47 -0500 2010 alive 0 0 default
Sat Jan 02 16:10:47 -0500 2010 alive 0 0 default
msf >
Now let's look at the services that are running.
msf > db_services
created info name port proto state Host Workspace
------- ---- ---- ---- ----- ----- ---- ---------
Sat Jan 02 16:10:47 -0500 2010 80 tcp open default
msf >
Because Nmap is a port scanner and not as powerful as Nessus, we cannot use the db_vulns command here: the import holds no vulnerability data, as the Vulns column of db_hosts shows.
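To see which fields of the Nmap XML end up in listings like db_hosts and db_services, this added example (not part of the original post and not Metasploit's import code) reads an -oX style file and builds equivalent host and service records. The sample XML is constructed to mirror the scan above, the 192.0.2.x and MAC addresses are documentation placeholders, and the function name parse_nmap_xml is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout, modelled on the scan above: three
# hosts up, one with 80/tcp open. All addresses are documentation placeholders.
SAMPLE_XML = """<nmaprun scanner="nmap" version="4.62">
  <host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/>
    <ports><extraports state="closed" count="1714"/>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="tcpwrapped"/></port></ports></host>
  <host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
    <ports><extraports state="closed" count="1715"/></ports></host>
  <host><status state="up"/><address addr="192.0.2.3" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <ports><extraports state="closed" count="1715"/></ports></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return (hosts, services) as lists of dicts from Nmap -oX output."""
    hosts, services = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        # A host can carry several <address> elements (ipv4, ipv6, mac).
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        if ip is None:
            continue  # no IP address to key the record on
        status = host.find("status")
        state = status.get("state") if status is not None else "unknown"
        open_ports = 0
        for port in host.findall("ports/port"):
            st = port.find("state")
            if st is None or st.get("state") != "open":
                continue  # this example keeps open ports only
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            services.append({"host": ip, "port": int(port.get("portid")),
                             "proto": port.get("protocol"), "name": name})
            open_ports += 1
        hosts.append({"address": ip, "mac": addrs.get("mac"),
                      "state": state, "svcs": open_ports})
    return hosts, services


if __name__ == "__main__":
    for row in sum(parse_nmap_xml(SAMPLE_XML), []):
        print(row)
```

Comparing these records against the db_hosts and db_services listings is a quick check that an import captured every host and open port in the scan file.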
