Sharing information in team penetration testing environments is frequently a challenge. There are a number of tools out there that allow wiki style submissions but any time that data needs to be used, it must be copied and pasted out of one form into another. Metasploit has a robust database with much of the data that a security professional may need to perform new tasks, as well as to check on the status of where the team is as a whole. This presentation will discuss how to share information using Metasploit, how to get data in and out of Metasploit remotely, and how to build and expand tools to automatically store new findings in the database. This presentation will have demonstrations using remote Nmap scanning as well as demonstrate how to write your own tools to manipulate Metasploit data.
Ryan Linn is an Information Security Engineer at SAS Institute and a columnist for EthicalHacker.net . Ryan has a passion for making security knowledge accessible and in his free time enjoys extending and augmenting security tools and has contributed to popular open source security tools such as Metasploit and BeEF.
View full post on DEF CON 18 [Slides] Speeches from the Hacker Convention.