Import External Nmap Scan Results into Metasploit


Introduction

In this lab, you will learn how to integrate the powerful network scanning capabilities of Nmap with the Metasploit Framework. While Metasploit has its own built-in scanning features, you often need to import results from external tools like Nmap. This is a common workflow in penetration testing, as it allows you to centralize all your reconnaissance data within Metasploit's database.

By importing Nmap scan results, you can leverage Metasploit's data management and exploitation features on the hosts and services discovered by Nmap. You will perform an Nmap scan, save the output to an XML file, and then use the db_import command within the Metasploit console to populate its database.

Run an Nmap scan outside Metasploit saving to XML

In this step, you will perform a basic Nmap scan and save its results into an XML file. The XML format is ideal for importing into other tools because it's structured and easy to parse. We will scan localhost to identify running services and their versions.

First, ensure you are in the default project directory, /home/labex/project.

Run the following nmap command in your terminal. Here's a breakdown of the options:

  • -sV: Probes open ports to determine service/version info.
  • -oX nmap_scan.xml: Outputs the scan results in XML format to a file named nmap_scan.xml.
  • localhost: The target of our scan.

nmap -sV -oX nmap_scan.xml localhost

After the scan completes, you will see output similar to the following, summarizing the results. The exact open ports may vary.

Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-27 10:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
...

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.43 seconds

This command creates a file named nmap_scan.xml in your current directory (~/project).

Use the db_import command in msfconsole

In this step, you will start the Metasploit Framework console. msfconsole is the primary interface for interacting with Metasploit, allowing you to access its modules, manage data, and launch attacks.

We will start msfconsole with the -q (quiet) flag to suppress the startup banner for a cleaner interface. The database connection will be automatically established.

Execute the following command to launch the Metasploit console:

msfconsole -q

After a few moments, your terminal prompt will change to msf6 >, indicating that you are now inside the Metasploit console.

msf6 >

Inside msfconsole, you have access to many commands for managing your penetration testing workflow. One of these is db_import, which we will use in the next step to load our Nmap scan data.

Specify the path to the Nmap XML file

Now that you are inside the Metasploit console, you can import the Nmap scan results. The db_import command is used for this purpose. You need to provide the full path to the XML file you created in the first step.

Since you created the file in /home/labex/project, you will use that path.

Run the db_import command inside the msfconsole prompt:

db_import /home/labex/project/nmap_scan.xml

Metasploit will parse the XML file and import the data into its database. You should see output confirming that the data is being imported.

msf6 > db_import /home/labex/project/nmap_scan.xml
[*] Importing 'Nmap XML' data from /home/labex/project/nmap_scan.xml
[*] Importing host 127.0.0.1
[*] Successfully imported /home/labex/project/nmap_scan.xml

This message confirms that the hosts, ports, and services from your Nmap scan are now stored in the Metasploit database.

Verify imported hosts using the hosts command

In this step, you will verify that the host information was successfully imported into the Metasploit database. The hosts command in msfconsole lists all the hosts that Metasploit is aware of in the current workspace.

After importing the scan data, running the hosts command should display the target you scanned, which was localhost (127.0.0.1).

Inside the msfconsole prompt, type the hosts command and press Enter:

hosts

The output will be a table listing the hosts in the database, including their IP address, MAC address (if available), name, and operating system.

msf6 > hosts

Hosts
=====

address      mac  name       os_name        os_flavor  os_sp  purpose  info  comments
-------      ---  ----       -------        ---------  -----  -------  ----  --------
127.0.0.1         localhost  Ubuntu Linux   Linux             device

Seeing 127.0.0.1 in the list confirms that the host data from your Nmap scan has been correctly added to the database.

Query the imported services using the services command

In this final step, you will inspect the services that were discovered on the imported host. The services command in msfconsole lists all the open ports and running services that have been added to the database. This is crucial for identifying potential attack vectors.

Run the services command inside the msfconsole prompt:

services

This will display a detailed table of all services, including the host they are running on, the port, protocol, service name, and version information.

msf6 > services

Services
========

host       port  proto  name  state  info
----       ----  -----  ----  -----  ----
127.0.0.1  22    tcp    ssh   open   OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)

This output shows the specific services found by Nmap, now neatly organized within Metasploit. You can now use this information to search for relevant exploits or auxiliary modules within the framework.

To exit the Metasploit console, simply type exit.

exit

Summary

In this lab, you have successfully learned a fundamental workflow for integrating external tools with the Metasploit Framework.

You have learned how to:

  • Run an Nmap scan with version detection and save the results to an XML file.
  • Start the Metasploit console and use the db_import command to load the Nmap scan data.
  • Verify the imported data using the hosts command to view discovered hosts.
  • Query the database for detailed service information using the services command.

This process of importing scan data is essential for effective data management during a penetration test, allowing you to consolidate information from various sources into a single, powerful platform for analysis and exploitation.