Using Metasploit to Conduct NMAP Scans

Using Metasploit and nmap together has been a useful technique for me during some of my engagements. Below are the steps I take to implement that task.

  1. Start Metasploit by issuing the following command:
    • msfconsole
  2. Verify the status of the database by issuing the following command:
    • db_status
  3. Run NMAP from inside msfconsole and save the output into the Metasploit database.
    • db_nmap -v -sV host_or_network_to_scan
      • db_nmap -v -sV (Single Host)
      • db_nmap -v -sV (Network Range)
  4. To list all the remote hosts discovered during your nmap scan, issue the command:
    • hosts
  5. To add the hosts to the list of remote targets, issue the command:
    • hosts -R
  6. To list all of the available targets, issue the command:
    • show targets
  7. You can search for exploits using the “search” keywords below:
    • search type:exploit
    • search CVE-XXXX-XXXX
    • search cve:2014
    • search name:wordpress

If you found this to be useful, please leave a comment.
