Importing scan results

Alternatively, we can also use a third-party tool to perform enumeration. Then, the result from the tool can be imported into MSF. Follow these steps to import the scan result:

1. It's always better to perform a port scan and service enumeration before performing exploitation via Metasploit. Instead of using the built-in port scanner for Metasploit, you can use Nmap separately and save the scanning result in XML format using the -oX switch:

2. Just like the db_import command that was used in msfconsole, you can use the same feature in the Metasploit web interface by clicking on the Import button:

3. On clicking the Import button, you'll be redirected to the Import Data page, where you'll be given the option to import your data.
4. You can import data from Nexpose, Sonar (Project Sonar is a security research project by Rapid7 that conducts internet-wide surveys across different services and protocols to gain insights into global exposure to common vulnerabilities) and supported files from third-party scanning tools such as Acunetix, Nessus, Nmap, and many more. In this case, we performed a full port scan and saved the Nmap result in XML format:

5. As an optional feature, you can enable Automatic Tagging, which will tag the hosts as os_windows, os_linux, and os_unknown, based on their OS. When you click Import Data, the scan will be imported:

6. You can go back to the Project Overview menu to see the updated project space:

7. As shown in the preceding screenshot, a new host was added with 15 services running on it. On clicking the 15 services detected hyperlink, you will see that the Services page is displayed.
8. You can view the same page by clicking on Project menu -> [WORKSPACE] -> Services:

In the next section, you will be introduced to the Metasploit modules, which will be used for further enumeration and exploitation of the target host.