Hi guys, I am writing a graduation work at the university. Here is the main idea: I need to write a programm that will alow me to do attack modelling for IDS testing. So, let's suppose, I know target OS, open ports and running services (by running nmap, for exaple). Now I'd like to filter exploits (by ports, OS, etc) from Metasploit, that I might use. But I don't know how to do this. Can I make a request to postgresql DB, or exploits don't store there? Or should I use msfconsole instead?
Next step is splitting these exploits by groups and building an attack tree or attack scenarios.
After that the programm should run exploits and define, whether they were successfull or not.
So, please, help me, if you know answer to one of my quistions. Maybe there is some API for Metasploit, for example for C or Java, it would be much easier to write such programm.
Thanks a lot.