Re: Re: Automated penetration test

[jeevanullas () gmail com]

Hi,

The blogspot link pointed above is using commands which are pretty old.

If you are using metasploit3-dev from SVN then you need to first configure whatever db you would like to use first of 
all.

I had done automated pen testing with metasploit3-dev using postgresql db.

Just load the appropriate db plugin using:

msf > db_driver postgresql;

Then you need to issue the db_create to create the db , this might require you to setup a appropriate role in 
postgresql before hand which postgresql logs will let you know off.

After that as mentioned in the blog post also you just need to run db_nmap to run nmap on a particular port in a 
particular network.

Though .nessus file from Nessus or .xml output file from nmap also works (basically loads the db).

Finally as people above suggested there you have the db_autopwn to finally start the exploiting.

There were couple of changes made to the MSF to support postgresql so if you are using msf3 then please do a 'svn 
update' from the msf3 directory on your system.

Also regarding the payload , well I have tested vncinject payloads to work perfectly fine with automated pen testing 
jobs done via metasploit3-dev.

Cheers ;)

Deependra Singh Shekhawat

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------