Tuesday, August 19, 2014

Utilizing Metasploit Database in Network Pentest

What's the first thing that comes to your mind when you think of doing a network pentest of over 1000 IPs in a couple of weeks? Is it really possible? The answer is YES!!!

My ONLY choice is the Metasploit Database. This handy tool is so useful that it not only lets you exploit vulnerabilities directly from the Metasploit console but also saves plenty of time and keeps you out of a messy situation. So how do you start?

Fire up Metasploit and type the db_status command to check whether you have the Metasploit database installed. If not, refer here, here and here to set it up. Assuming you have everything set up, let's get started.
  • Grab the list of subnets that are in scope.
  • Detect live hosts (NMAP -sP <Subnet_IP>) and dump their IPs into a text file, e.g. ip.txt. This step will take a bit of formatting effort.
  • Fire up NMAP to start the network scans [and keep it running]. Note that the Metasploit DB takes XML-formatted output. This is the easiest way to get things running smoothly.
  • To run NMAP, the following is the most efficient command for TCP scans. Obviously, this part will take a long time to complete as there are a bunch of IP addresses to scan.

    sudo nmap -sV -v -O -Pn -iL ip.txt -oX network-scan.xml

    Add -sU in case you want to perform UDP scans as well.
  • Leave the scans running overnight and they should be complete the next morning when you come back to hack..:)
  • Next, import the NMAP XML output file into Metasploit. Here's how you connect to the Metasploit DB (the database name follows the port):

    db_connect <username>:<password>@localhost:5432/<database_name>

  • Create a workspace to import the scan results into and get things organised. The Metasploit command for this is:

    workspace -a <Workspace_name>

    Refer here for all Metasploit database commands.
  • Now it's time to import your NMAP results into the Metasploit database. To import the XML file, do

    db_import <Path_of_XML_file>

  • Now you are ready to go and exploit, utilising all Metasploit exploits..:)
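To see what db_import actually pulls out of the -oX file, here is a small parser for the nmap XML format, added as an example for this post (it is not the post's or Metasploit's own code). It runs over a constructed scan fragment (the XML and the 192.0.2.0/24 addresses are sample data, not a real scan), keeps only hosts that are up and ports that are open, and emits the one-IP-per-line list that an RHOSTS file takes.

```python
import xml.etree.ElementTree as ET

# Constructed nmap -oX fragment (not a real scan); 192.0.2.0/24 is the RFC 5737 documentation range.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -v -O -Pn -iL ip.txt -oX network-scan.xml">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="6.6p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.7"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Map each host nmap reports as up to its OS guess and its open services.
    Down hosts and non-open ports are skipped, which is also what db_import keeps."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        services = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")  # absent when -sV found no banner
            get = svc.get if svc is not None else (lambda key: None)
            services.append((int(port.get("portid")), port.get("protocol"),
                             get("name"), get("product"), get("version")))
        osmatch = host.find("os/osmatch")  # filled in by -O, may be missing
        inventory[addr.get("addr")] = {
            "os": osmatch.get("name") if osmatch is not None else None,
            "services": sorted(services, key=lambda s: (s[0], s[1])),
        }
    return inventory


def rhosts_lines(inventory):
    """One live IP per line, the shape of the RHOSTS list the -R switch feeds to an exploit."""
    return "\n".join(sorted(inventory))


if __name__ == "__main__":
    for ip, info in parse_nmap_xml(SAMPLE_XML).items():
        print(ip, info["os"], info["services"])
```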

The takeaways from this approach are:
  • You can utilize all Metasploit exploits within seconds.
  • Use the -R switch to directly import the RHOSTS list into the exploit.
  • Conduct pentests in a more structured and organised manner.

Happy Hacking!!!