Getting ready

To start the NeXpose from the msf console, we will first have to connect the database to Metasploit, and then load the plugin to connect it with the NeXpose server to start the process of target scanning. Let us execute these steps in the command line.

msf > db_connect msf3:8b826ac0@127.0.0.1:7175/msf3 msf > load nexpose msf > nexpose_connect darklord:toor@localhost ok [*] Connecting to NeXpose instance at 127.0.0.1:3780 with username darklord... 

How to do it...

Now that we are connected with our server, we can scan our target and generate reports. There are two scan commands supported by NeXpose. One is nexpose_scan and the other is nexpose_discover. The former will scan a range of IP addresses and import the results, whereas the latter will scan only to discover hosts and services running on them. Let us perform a quick scan on our target using NeXpose.

msf > nexpose_discover 192.168.56.102 [*] Scanning 1 addresses with template aggressive-discovery in sets of 32 [*] Completed the scan of 1 addresses 

How it works...

Once the scan is complete, we can view its results by using the default database commands of the msf console.

Let us see what scan results have been produced by NeXpose:

msf > hosts -c address,os_name,os_flavor Hosts ===== address os_name os_flavor ------- ------- --------- 192.168.56.102 Microsoft Windows XP msf > 

There's more...

After the information has been collected, the final step will be importing the results. Let us see how it is executed.

msf > db_import nexposelist.xml [*] Importing 'Nexpose XML (v2)' data [*] Importing host 192.168.56.102 [*] Successfully imported /root/nexposelist.xml