Gather Information

Passive Information Gathering

whois Lookups

  • Used to find the name servers for a domain

  • whois trustedsec.com

Netcraft

  • Netcraft is a web-based tool that we can use to find the IP address of a server hosting a particular website

NSLookup

  • Tool built into most operating systems

Active Information Gathering

Importing Nmap Results

  • Verify that the database is listening: netstat -antp | grep 7337

  • Make sure you are connected correctly: db_status

[Screenshot: Msf DB status]

  • Generate an XML export file with nmap's -oX option

    • Example: nmap -Pn -sS -A -oX Subnet1.xml 192.168.1.0/24

  • Use the db_import command to import it into the database

    • db_import Subnet1.xml

# Start the PostgreSQL service (in a root shell)
service postgresql start

# Initialize the Metasploit database
msfdb init

# Restart the PostgreSQL service
service postgresql restart

# Start the Metasploit Framework console
msfconsole

# The remaining commands are typed at the msfconsole prompt.
# Check that the database is connected; you should see "postgresql connected to msf"
db_status

# Perform a test nmap scan, writing XML output to the file "Test"
nmap -Pn -sS -A -oX Test 10.10.10.0/24

# Import the XML file "Test" into the database
db_import Test

# Display the hosts and their details collected by nmap (nmap does not fill in os_flavor)
hosts

# Using db_nmap runs nmap and stores the results in the database automatically
db_nmap -sS -A 10.10.10.16

# Display the services running on all discovered hosts
services

# Load the SMB version scanner module
use auxiliary/scanner/smb/smb_version

# Show the SMB scanner options
show options

# Set the target IP address range
set RHOSTS 10.10.10.8-16

# Set the number of threads
set THREADS 100

# Launch the SMB scanner module
run

# Show host information; os_flavor should now be populated
hosts
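As an added example (not part of these notes or of Metasploit), a small Python parser for the nmap -oX XML that db_import reads, showing which fields end up in the hosts and services tables and why os_flavor stays empty until the SMB scan runs. The sample XML is constructed, not a real scan, and keeping only live hosts and open ports is this example's choice, not a statement of db_import's exact rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the XML that `nmap -oX` writes (not a real scan), trimmed to what this parser reads.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -Pn -sS -A -oX Subnet1.xml 192.168.1.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="fileserver.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/>
        <service name="telnet"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return (hosts, services) rows shaped like Metasploit's `hosts` and `services` tables."""
    hosts, services = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # this example keeps live hosts only
        ipv4 = host.find("address[@addrtype='ipv4']")
        name = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")  # nmap lists its best OS guess first
        hosts.append({"address": ipv4.get("addr"),
                      "name": name.get("name") if name is not None else None,
                      "os_name": osmatch.get("name") if osmatch is not None else None,
                      "os_flavor": None})  # absent from nmap XML; smb_version fills it in later
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # this example records open ports only
            svc = port.find("service")
            info = " ".join(v for v in (svc.get("product"), svc.get("version")) if v) if svc is not None else ""
            services.append({"host": ipv4.get("addr"), "proto": port.get("protocol"),
                             "port": int(port.get("portid")),
                             "name": svc.get("name") if svc is not None else None, "info": info})
    return hosts, services
```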
