Using Metasploit to Conduct NMAP Scans
Using Metasploit and nmap together has been a useful technique for me during some of my engagements. Below are the steps I take to implement that task.
- Start Metasploit by issuing the following command:
  - msfconsole
- Verify the status of the database by issuing the following command:
  - db_status
- Run Nmap from inside msfconsole and save the output into the Metasploit database:
  - db_nmap -v -sV host_or_network_to_scan
  - db_nmap -v -sV 192.168.1.1 (Single Host)
  - db_nmap -v -sV 192.168.1.0/24 (Network Range)
- To list all the remote hosts discovered during your nmap scan, issue the command:
  - hosts
- To add the hosts to the list of remote targets, issue the command:
  - hosts -R
- To list all of the available targets, issue the command:
  - show targets
- You can search for exploits using the “search” keywords below:
  - search type:exploit
  - search CVE-XXXX-XXXX
  - search cve:2014
  - search name:wordpress
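A scope check to run on scan results before any host is used as a target, as an added example that is not part of the original post: it reads nmap XML output (-oX), lists the open services found by -sV, and flags live hosts outside the authorized range. The function name summarize, the sample XML and the use of 192.168.1.0/24 as the authorized scope are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of nmap -sV XML output, trimmed to the elements read below.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -v -sV 192.168.1.0/24">
  <host><status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
    </ports></host>
  <host><status state="up"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx"/></port>
    </ports></host>
  <host><status state="up"/>
    <address addr="192.168.2.5" addrtype="ipv4"/><ports/></host>
  <host><status state="down"/>
    <address addr="192.168.1.99" addrtype="ipv4"/></host>
</nmaprun>"""

def summarize(xml_text, scope_cidr):
    """Return (open_services, out_of_scope_hosts) for hosts reported as up."""
    scope = ipaddress.ip_network(scope_cidr)
    services, out_of_scope = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # ignore hosts nmap reported as down
        # A host can carry a MAC address element too; take the IP one.
        addr = next(a.get("addr") for a in host.iter("address")
                    if a.get("addrtype") in ("ipv4", "ipv6"))
        if ipaddress.ip_address(addr) not in scope:
            out_of_scope.append(addr)
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # keep only open ports
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            banner = "" if svc is None else " ".join(
                filter(None, (svc.get("product"), svc.get("version"))))
            services.append((addr, int(port.get("portid")),
                             port.get("protocol"), name, banner))
    return services, out_of_scope
```

A non-empty second list means the results contain a live host outside the agreed range, which should be resolved before the host list is used for anything else.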
If you found this to be useful, please leave a comment.
Just what I was looking for!
Great!