Forum Thread: Metasploit Host List

Why is it that Metasploit dosent add all hosts to the database from an Nmap scan?

I did an Nmap scan within Metasploit as so:
"msf> db nmap -sS 192.168.5.1/24" to find all host on my home network.

Nmap finds 6 hosts (IP addresses, MAC addresses), but dosent copy all of the info into the database.
When I do command like "msf> hosts" it just lists 3 hosts (IP add and MAC add).
Same thing when i try to do a Nmap scan and import it into Metasploit via "msf>db import nmap-scan-file-name" command.

From what i can tell, Metasploit only copy's the routers info and the Windows machines info, and fales to copy the rest.

Any ideas?

Peace, Alpha

4 Responses

Just to keep it up:
Could you list the services that are scanned by nmap?(keep it super anonymous!). We might be able to help you!

Just wondering if anybody had the same problem.

Im starting to think its a marketing trick, like the free version has limitations, but if you buy the pro version its all good.

Makes sence?

You know, I guess not. Since I usually separate nmap and metasploit I've never encountered this kind of problem.

I'm still thinking there some reachability error in the scans that makes the enumeration fail. If you provide us some specifics, we might be able to help you, or maybe someone else has an answer.

These are the hosts that metasploit didn't import:

Nmap scan report for 192.168.5.103
Host is up (0.032s latency).
All 1000 scanned ports on 192.168.5.103 are filtered
MAC Address: X:X:X:X:X:X
Nmap scan report for 192.168.5.104
Host is up (0.0100s latency).
All 1000 scanned ports on 192.168.5.104 are closed
MAC Address: X:X:X:X:X:X
Nmap scan report for 192.168.5.100
Host is up (0.000017s latency).
All 1000 scanned ports on 192.168.5.100 are closed

Nmap done: 256 IP addresses (5 hosts up) scanned in 19.09 seconds

And this is what metasploit imported:
* Importing 'Nmap XML' data
* Import: Parsing with 'Nokogiri v1.6.4.1'
* Importing host 192.168.5.1
* Importing host 192.168.5.101

So nmap got some services listings on 192.168.5.1 and 192.168.5.101.

The other hosts that didn't make it into the database (as shown above) either have there ports filtered or closed. Is that it?

Even if thats the case, how come MS won't import there IP's and MAC's? It didn't get the services listed on the host but it got there IP and MAC.

Share Your Thoughts

  • Hot
  • Active