Home page logo

basics logo Security Basics mailing list archives

Re: Re: Automated penetration test
From: jeevanullas () gmail com
Date: Fri, 17 Apr 2009 06:53:57 -0600


The blogspot link pointed above is using commands which are pretty old.

If you are using metasploit3-dev from SVN then you need to first configure whatever db you would like to use first of 

I had done automated pen testing with metasploit3-dev using postgresql db.

Just load the appropriate db plugin using:

msf > db_driver postgresql;

Then you need to issue the db_create to create the db , this might require you to setup a appropriate role in 
postgresql before hand which postgresql logs will let you know off.

After that as mentioned in the blog post also you just need to run db_nmap to run nmap on a particular port in a 
particular network.

Though .nessus file from Nessus or .xml output file from nmap also works (basically loads the db).

Finally as people above suggested there you have the db_autopwn to finally start the exploiting.

There were couple of changes made to the MSF to support postgresql so if you are using msf3 then please do a 'svn 
update' from the msf3 directory on your system.

Also regarding the payload , well I have tested vncinject payloads to work perfectly fine with automated pen testing 
jobs done via metasploit3-dev.

Cheers ;)

Deependra Singh Shekhawat

This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]