msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database.
Requirements
- Python 2.7
- Has only been tested on Kali Linux
- software installations:
- Metasploit
- nmap
- enum4linux
- smtp-check
- nikto
Installation
- checkout and update the transform path inside Maltego
- In Maltego import config from msploitego/src/msploitego/resources/maltego/msploitego.mtz
General Use
Using exported Metasploit xml file
- run a db_nmap scan in metatasploit, or import a previous scan
- msf> db_nmap -vvvv -T5 -A -sS -ST -Pn
- msf> db_import /path/to/your/nmapfile.xml
- export the database to an xml file
- msf> db_export -f xml /path/to/your/output.xml
- In Maltego drag a MetasploitDBXML entity onto the graph.
- Update the entity with the path to your metasploit database file.
- run the MetasploitDB transform to enumerate hosts.
- from there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DB
Using Postgres
- drag and drop a Postgresql DB entity onto the canvas, enter DB details.
- run the Postgresql transforms directly against a running DB
Notes
- Instead of running a nikto scan directly from Maltego, I've opted to include a field to for a Nikto XML file. Nikto can take long time to run so best to manage that directly from the os.
Screenshots
TODO's
- Connect directly to the postgres database - in progress
- Much, much, much more tranforms for actions on generated entities.