Penetration testers are using different tools and methods in order to keep their penetration testing results.If our preference is to use Metasploit Framework for our activities then we can use the store our results in its database as Metasploit is already integrated with postgresql.This can prove very handy as many penetration tests can run for several days and we will need to have our results in a centralized environment for later use.This will help us not only in the reporting stage but and in the exploitation stage as we constructing our attack path.
If we want to check our database settings we need to type the following commands as the image below indicates:
The information that we have obtained above it can be used for connection with the database through the metasploit framework.if we want to check the available database commands we can run the command help in the metasploit console.
Now if we want to connect with the existing database or with another database that we have created we can use the following command:
Now lets say that we have to perform a scan in an IP address.We can use directly the command db_nmap IP from the metasploit console which it will scan the target and automatically it will store the results in the database.
Now if want to check the results in the database we can use the following commands:
The following two pictures are just a sample of the commands hosts and services.
Another thing that we can do here is to export the results in an XML format in order to use it with other tools like Dradis Framework.
In this article we saw how we can use the database with metasploit in order to store information from a port scan that we performed.We can use this functionality as well in order to import results from other tools like Nessus or to export the results for integration with Dradis.This function of Metasploit Framework offers the penetration tester the ability to manage his results in an efficient way.