
Automating Metasploit

Metasploit is a free, open source tool for developing and executing exploit code against a remote target machine. With regard to automated penetration testing, starting with version 3 Metasploit offers a module called autopwn which can automate the exploitation phase of a penetration test. While autopwn is far from perfect, it does a decent job of exploiting multiple hosts. With 269 exploits (as of the latest update) you have lots of options (especially with Windows targets) for gaining a basic bind shell with autopwn. Among the strengths of autopwn is the ability to import vulnerability data from Nessus NBE files and to pull in Nmap XML output, a nice feature that works well. In addition, you can run Nmap from within the Metasploit console and it will put the results in the database. Finally, you can launch exploits based on ports, services or vulnerabilities from your imported data.
The db_autopwn command is where the exploitation magic happens. This command will scan through the database tables and create a list of modules that match up to specific vulnerabilities. This matching process can happen in two different ways. The first method involves analyzing the list of vulnerability references for every exploit and matching them up with the references in every imported vulnerability record. This cross-referencing method is fairly accurate and depends on standard identifiers, such as OSVDB, Bugtraq, and CVE, to match exploits with their targets. The second method uses the default port associated with each exploit module to locate targets running the same service. While this will work in most cases, it can cause a fair amount of collateral damage and is likely to miss vulnerable services running on non-default ports.

Install Metasploit, MySQL, Nessus and Nmap.

MySQL part

1. Start MySQL:
   /etc/init.d/mysql start
2. Connect to the MySQL server:
   mysql -u root -p
3. Create a database named data1:
   create database data1;

Nessus part

1. Start Nessus:
   /etc/init.d/nessusd start
2. Add a Nessus user and give it admin privileges:
   nessus-adduser
   Login: hacker
   Pass: *****
   Pass: *****
3. Open Nessus in Firefox:
   https://127.0.0.1:8834
4. Start a scan on the target using Nessus.
5. Download the report in .nessus format.

Metasploit part

1. Start the Metasploit console:
   msfconsole
2. Use the db_driver command to find the active driver, then set the driver to MySQL:
   db_driver mysql
3. Connect to the data1 database and check the connection:
   db_connect root:pass@127.0.0.1/data1
   db_status
4. Import the Nessus report into the database:
   db_import filename.nessus
5. Confirm the target is in the database:
   hosts
   vulns
   services
6. Use Nmap to find open ports (advanced options):
   db_nmap -vvv <target>
7. Use db_autopwn to automatically exploit the targets:
   db_autopwn
   db_autopwn -p -t -x -e

Metasploit will automatically try to exploit the vulnerabilities and give us a remote shell or another type of reverse connection.
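To make the two matching strategies described earlier concrete, and to show what kind of records an import of a .nessus report yields, here is an added example written for this page (it is not Metasploit's own code and does not reproduce db_autopwn's implementation). It parses a constructed NessusClientData_v2 fragment, then matches a constructed list of exploit records against it first by shared reference identifiers (the -x strategy) and then by default port (the -p strategy), so the collateral matches of the port strategy and the non-default-port service it misses can be compared side by side. The host addresses, CVE/BID/OSVDB identifiers, plugin names and module names are all made-up placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed .nessus (NessusClientData_v2) fragment. Every identifier below is a
# placeholder: the addresses, CVE/BID/OSVDB ids and plugin names are not real.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="demo">
    <ReportHost name="10.0.0.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="1" pluginName="placeholder plugin A">
        <cve>CVE-1900-0001</cve>
        <bid>100001</bid>
        <xref>OSVDB:900001</xref>
      </ReportItem>
      <ReportItem port="8080" svc_name="www" protocol="tcp" severity="3"
                  pluginID="2" pluginName="placeholder plugin B">
        <cve>CVE-1900-0002</cve>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0"
                  pluginID="3" pluginName="placeholder service detection"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Constructed stand-in for the exploit module list: each entry carries the default
# port the module targets and the reference ids it advertises (all placeholders).
EXPLOITS = [
    {"name": "exploit/demo/svc_a", "port": 445, "refs": {"CVE-1900-0001", "OSVDB-900001"}},
    {"name": "exploit/demo/svc_b", "port": 80, "refs": {"CVE-1900-0002"}},
    {"name": "exploit/demo/svc_c", "port": 445, "refs": {"CVE-1900-0099"}},
]


def parse_nessus(xml_text):
    """Extract what an import stores: (host, port, refs) vulnerability records and
    (host, port, service) entries. Items without references become services only."""
    root = ET.fromstring(xml_text)
    vulns, services = [], set()
    for host in root.iter("ReportHost"):
        addr = host.get("name")
        for item in host.findall("ReportItem"):
            port = int(item.get("port"))
            services.add((addr, port, item.get("svc_name")))
            refs = {c.text.strip() for c in item.findall("cve")}
            refs |= {"BID-" + b.text.strip() for b in item.findall("bid")}
            # Nessus writes cross references as SOURCE:VALUE; normalise to SOURCE-VALUE
            refs |= {x.text.strip().replace(":", "-", 1) for x in item.findall("xref")}
            if refs:
                vulns.append((addr, port, refs))
    return vulns, sorted(services)


def match_by_reference(vulns, exploits):
    """Pair hosts with modules sharing at least one reference id (the -x strategy)."""
    return sorted({(addr, port, e["name"])
                   for addr, port, refs in vulns
                   for e in exploits if refs & e["refs"]})


def match_by_port(services, exploits):
    """Pair every open port with every module whose default port matches (the -p strategy)."""
    return sorted({(addr, port, e["name"])
                   for addr, port, _svc in services
                   for e in exploits if e["port"] == port})


def compare_strategies(xml_text, exploits):
    """Return (collateral, missed): launches the port strategy adds without any
    supporting vulnerability record, and reference matches it never reaches
    because the service is not on the module's default port."""
    vulns, services = parse_nessus(xml_text)
    by_ref = set(match_by_reference(vulns, exploits))
    by_port = set(match_by_port(services, exploits))
    return sorted(by_port - by_ref), sorted(by_ref - by_port)


if __name__ == "__main__":
    collateral, missed = compare_strategies(SAMPLE_NESSUS, EXPLOITS)
    print("port matching without supporting vulnerability data:", collateral)
    print("reference matches the port strategy misses:", missed)
```

On the constructed data the port strategy fires three times with no vulnerability record behind it (two of them against a host the scanner found nothing on), while the only confirmed finding on port 8080 is reached by the reference strategy alone. That is the trade-off the text describes: the -x path is as good as the identifiers in the imported report, the -p path is noisy and blind to non-default ports.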
