- Metasploit Penetration Testing Cookbook
- Abhinav Singh
- 411字
- 2021-08-13 18:21:10
Using the database to store penetration testing results
Let us now learn how we can use our configured database to store our results of the penetration tests.
Getting ready
If you have successfully executed the previous recipe, you are all set to use the database for storing the results. Enter the help command in msfconsole to have a quick look at the important database commands available to us.
How to do it...
Let us start with a quick example. The db_nmap command stores the results of the port scan directly into the database, along with all relevant information. Launch a simple Nmap scan on the target machine to see how it works:
msf > db_nmap 192.168.56.102 [*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-04 20:03 IST [*] Nmap: Nmap scan report for 192.168.56.102 [*] Nmap: Host is up (0.0012s latency) [*] Nmap: Not shown: 997 closed ports [*] Nmap: PORT STATE SERVICE [*] Nmap: 135/tcp open msrpc [*] Nmap: 139/tcp open netbios-ssn [*] Nmap: 445/tcp open microsoft-ds [*] Nmap: MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems) [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
As we can see, Nmap has produced the scan results and it will automatically populate the msf3 database that we are using.
We can also use the -oX parameter in the Nmap scan to store the result in XML format. This will be very beneficial for us to import the scan results in other third-party software, such as the Dardis framework which we will be analyzing in our next chapter.
msf > nmap 192.168.56.102 -A -oX report [*] exec: nmap 192.168.56.102 -A -oX report Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-10-05 11:57 IST Nmap scan report for 192.168.56.102 Host is up (0.0032s latency) Not shown: 997 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 08:00:27:34:A8:87 (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
Here report is the name of the file where our scanned result will be stored. This will be helpful for us in later recipes of the book.
How it works...
The db_nmap command creates an SQL query with various table columns relevant to the scan results. Once the scan is complete, it starts storing the values into the database. The flexibility to store results in the form of spreadsheets makes it easier to share the results locally or with third-party tools.
- 計算機網(wǎng)絡與通信(第2版)
- JBoss EAP6 High Availability
- 物聯(lián)網(wǎng)+BIM:構建數(shù)字孿生的未來
- 物聯(lián)網(wǎng)與無線傳感器網(wǎng)絡
- 城域網(wǎng)與廣域網(wǎng)(第2版)
- 網(wǎng)絡安全應急響應技術實戰(zhàn)
- WordPress Web Application Development
- 5G技術與標準
- 互聯(lián)網(wǎng)安全的40個智慧洞見(2016)
- Dart Cookbook
- Getting Started with tmux
- 網(wǎng)絡安全之道
- 物聯(lián)網(wǎng),So Easy!
- RestKit for iOS
- 物聯(lián)網(wǎng)與智慧廣電