- Metasploit Penetration Testing Cookbook
- Abhinav Singh
- 407字
- 2021-08-13 18:21:11
Analyzing the stored results of the database
After storing the testing results in the database, the next step is to analyze it. Analyzing the data will give us a deeper understanding of our target systems. The results of the database can be kept either for a long time or for a short time storage depending upon the usage.
Getting ready
Launch msfconsole and follow the steps mentioned in the previous recipe to establish the database connectivity. We can either use it to store fresh results or analyze the previously stored results as well. The XML file for the Nmap scan created in the previous recipe can be imported to analyze the previous scan results.
How to do it...
Let us analyze some of the important commands to have a clearer understanding of the stored results:
msf > hosts:This command will show all the hosts that are available in the database. Let us analyze the output of this command:
The preceding screenshot snapshot reflects the output of the hosts command. As we can observe, the result of this command is not very clean, as there are lots of columns in the table. So we can move ahead and add filters and view only those columns which we are interested in, as illustrated by the following command :
msf > hosts -c address,os_name Hosts ===== address os_name ------- ------ 192.168.56.1 192.168.56.101 192.168.56.102 Microsoft Windows 192.168.56.103 Linuxmsf > services:This is another interesting command that can give us useful information about the different services running on the target machines:msf > services Services ======== host port proto name state info ---- ---- ----- ---- ----- ---- 192.168.56.101 111 tcp rpcbind open 192.168.56.102 135 tcp msrpc open 192.168.56.102 139 tcp netbios-ssn open 192.168.56.102 445 tcp microsoft-ds open 192.168.56.102 135 tcp msrpc open Microsoft Windows RPCmsf > vulns:This command lists all the vulnerabilities that exist in the hosts present in the database.msf > db_autopwn:This is a powerful command that is used to automate the process of exploiting the target machines that are available in the database. This command requires more understanding about the exploitation process so we will analyze this command later.
How it works...
The analysis process is simple and can be easily filtered to get the desired results. We have seen how to read the database output and how we can manage it efficiently. The last two commands, vulns and db_autopwn are post-exploitation commands, which we will deal with in later chapters.
- 物聯網與無線傳感器網絡
- 計算機網絡與通信(第2版)
- SSL VPN : Understanding, evaluating and planning secure, web/based remote access
- The Kubernetes Workshop
- jQuery Mobile Web Development Essentials
- 端到端QoS網絡設計
- Learning Node.js Development
- 一本書讀懂TCP/IP
- Web用戶查詢日志挖掘與應用
- 精通SEO:100%網站流量提升密碼
- 數字王國里的虛擬人:技術、商業與法律解讀
- 工業以太網技術:AFDX/TTE網絡原理、接口、互連與安全
- 物聯網,So Easy!
- 智能物聯安防視頻技術基礎與應用
- 無線傳感器網絡定位方法及應用