What’s the first thing come to your mind when you think of doing network pentest of over 1000 IPs in couple of weeks? Is it really possible? Answer is YES!!!

Our preffered choice is Metasploit Database. This handy tool is too awesome that it helps not only to exploit the vulnerabilities directly from the Metasploit console but also saves plenty of time and prevents you to be in a messy situation. So how do you start?

Fire up your Metasploit and type db_status command to check if you have Metasploit database installed or not. If not, refer here, here and here to set it up. Assuming you have everything setup, lets get started.

Grab the list of subnets that are in scope.
Detect live host (NMAP -sP <Subnet_IP>) and dump these IP into a text file i.e. ip.txt. This step will take a bit of formatting effort.
Fire up your NMAP to start network scans [and keep it running]. Note that Metasploit DB takes XML formatted output. This is the easiest way to get things running smoothly.
To run NMAP, following is the most efficient command for TCP scans. Obviously, this part will take long time to complete as there is bunch of IP address(s) to scan.

‍

sudo nmap -sV -v -O -Pn -iL ip.txt -oX network-scan.xml

Do -sU in case you want to perform UDP scans as well.

Leave the scans running for overnight and it should be completed next morning when you come back to hack..:)
Next, import the NMAP XML output file to Metasploit. Here’s how you connect to Metasploit DB.

‍

‍ db_connect <username>:<password> @localhost:5432