Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

Using Metasploit db_autopwn With NeXpose Scan Result

We can use Metasploit db_autopwn feature to execute exploits against the host(s) from the database. Before that, we need to import our scan result into db_autopwn database. I'm going to use scan result from NeXpose vulnerability scanner for this one.

We create a new report in NeXpose and save the scan results in 'NeXpose Simple XML' format so that we can later import into Metasploit.


Next, we fire up Metasploit, choose sqlite3 as the db_driver.


Connect to the database and import our xml file. In this case, my report.xml file is located under root. Once it's done, it will prompt you that the file has been successfully imported.


Now, running the 'db_services' and 'db_vulns' command will display the all-important vulnerability information that Metasploit now has at its disposal.


We will tell db_autopwn to attack all targets using the vulnerabilities that are gathered in the database. Similarly, we can do the same for Nessus or Nmap scan results as well.

 
Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!