Pentesting suite for Maltego based on data in a Metasploit database
THIS IS A BETA RELEASE, please be nice and report any issues
msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database
I am open to hearing suggestions for new transforms and enhancements!!!
msf> db_nmap -vvvv -T5 -A -sS -ST -Pn
msf> db_import /path/to/your/nmapfile.xml
export the database to an xml file
msf> db_export -f xml /path/to/your/output.xml
In Maltego drag a MetasploitDBXML entity onto the graph.
Update the entity with the path to your metasploit database file.
run the MetasploitDB transform to enumerate hosts.
from there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DB