Host Management

A host refers to a device on a network and is represented by its IP address or server name. Hosts are typically fingerprinted, enumerated, and added to a project during a discovery scan, data import, or Nexpose scan.

To view the hosts in a project, you need to go to the Analysis area. All hosts stored in the project will be viewable, searchable, and editable from the Analysis area of the user interface.

Host Management Interfaces

Metasploit Pro offers a couple of different host views. Host views provide visibility into the data that a project contains. Each view provides a different way in which you can view the metadata and findings for hosts within a project.

The following host views are available:

• Project view - Provides a high-level view of all the hosts and data that are stored in the project. To access the project view, click on the Analysis tab. The project view initially shows the Hosts list, which displays the fingerprint and enumerated ports and services for each host. In addition to the Hosts list, you can view the notes, services, vulnerabilities, and captured data from the project view. To access these other views, you can click on their tabs from the project view.
• Single host view - Displays the details for a specific host, such as the services, sessions, vulnerabilities, credentials, captured data, notes, file shares, tags, exploit attempts, available modules, and source. To access the single host view, click on a host IP address.

Tour of the Analysis Area

The Analysis area shows the test findings on a project level. The Analysis area shows you all of the information that has been gathered and tracked for a particular project. For example, you will want to go to the Analysis area if you want to see a list of hosts that were discovered or imported, view the captured data stored in the project, or create Nexpose vulnerability exceptions.

From the Analysis area, you can navigate to the following main pages:

• Hosts page - Lists all the hosts in a project and shows their operating system, purpose, tags, and counts for services and vulnerabilities.
• Notes page - Lists the notes, or additional bits of information, that Metasploit Pro was able to collect from a host during a scan.
• Services page - Lists the services that were enumerated and shows their port number, port state, and the host that it is running on.
• Vulnerabilities page - Lists the vulnerabilities that have been imported from a vulnerability scanner or ones that have been found by Metasploit Pro. You can create vulnerability exceptions and push validated vulnerabilities back to Nexpose from the Vulnerabilities page.
• Captured Data page - Lists all the loot and evidence that was collected from all hosts in the project. You can view or download captured data files from this page.
• Network Topology - Shows a diagram of the physical layout of a target network.

Tour of the Single Host Page

The single host page shows the findings on a per host level. Use this view to drill down to the details for a particular host. For example, you will want to view the single host when you want to view the credentials, services lists, or open/closed sessions for a host. To access the single host page, click on the IP address for any host.

Adding and Deleting Hosts

There are a few ways that hosts can be automatically added to a project: through a Discovery Scan, Nexpose Scan, or import. When you run a scan or import, Metasploit Pro gathers host information and stores it in the project database. If there are specific hosts that you want to add, without running a scan or import, you can manually add them to a project. Or if there are hosts that you scanned or imported that you do not want to include in the project, you can simply delete them.

Adding a Host to a Project

To add a host to a project:

1. Select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click the New Host button from the Quick Tasks bar. The New Host form appears.
   
3. Fill out the Name and Address section with the host's network details. At a minimum, you will need to specify the host name and host IP address.
   
4. Fill out the Operating System section, if you know the OS that runs on the host. If you do not have this information, you can skip this step.

Note:  Note: You can additionally specify the OS version, OS flavor, and Purpose. These fields are optional.

5. Select the Lock edited host attributes option if you do not want the host metadata to be editable. If you select this option, team members and subsequent scans/imports will not be able to modify the host metadata.
   
6. Click on the Add Service link, if you know there is a specific service running on the host that you want to add. You can add as many services as you need.
   
   
7. Click the Save button when you are done.

Deleting a Host from a Project

To delete a host from a project:

1. Select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Select the host or hosts that you want to delete.
   
3. Click the Delete button. A confirmation window appears.
   
4. Click OK to delete the host or hosts.

Viewing and Editing Host Metadata

Each host has metadata that helps you identify its network details and its operating system. You can view the host metadata to learn more about the identifiable attributes for a particular host or you can edit the host metadata if there are additional details you want to provide about the host.

Viewing Host Metadata

To view metadata for a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host you want to view the host information for.
   
3. Click on the Edit icon. The Host Information window displays the metadata for the host.

Editing Host Information

To edit the metadata for a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that you want to edit.
   
3. Click on the Edit icon. The Host Information window displays the metadata for the host.
   
4. Click on the Edit icon for the metadata field you want to add or modify. The field becomes editable.
   

Note:  Note: The following metadata fields can be edited: host address, host name, host MAC address, OS name, OS flavor, OS service pack, and OS purpose.

5. Enter the information you want to use in the field. For example, if you know the service pack, you can add it to the SP field.
6. Click the Save link when you are done.
   
7. Click the Done button to close the Host Information window.

Adding, Editing, and Deleting Services

The Services list is populated when you run a scan or import hosts into a project. However, there may be cases where you may want to manually modify the services list. You can add, edit, or modify the services list for any host.

Adding a Service to a Host

To add a service to a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that you want to add a service to. The single host page opens and shows the Services list.
   
3. Click the New Service button. The New Service modal window appears.
   
4. Specify the following information for the service:
   

• Name - The service name, such as HTTP, DNS, or SMTP.
• Port - The port that the service runs on.
• Protocol - The protocol, TCP or UDP, that the port uses.
• State - The port state can be open, closed, filtered, or unknown.
• Info - Any additional information that you may have about the service, such as the version that is running.

5. Click the Submit button when you are done.

Editing a Service

To edit a service:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host whose services you want to edit. The single host page opens and shows the Services list.
   
3. Click the Edit icon that is located in the same row as the service you want to modify. The Name, Port, Protocol, and State fields become editable.
   
4. Make your changes to any of the editable fields.
   
5. Click the Save link when you are done.

Deleting a Service from a Host

To delete a service from a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that you want to delete a service from. The single host page opens and shows the Services list.
   
3. Find the service that you want to delete.
4. Click the Delete button that is located in the same row as the service. A confirmation window appears.
   
5. Click OK to delete the service.

Adding, Editing, and Deleting Vulnerabilities

In order to identify potential vulnerabilities that may exist on a target network, you will need to run a Nexpose scan, run a Discovery Scan, or import vulnerability scan data. Metasploit Pro stores the vulnerability information that it finds for each host in the project.

Vulnerabilities can be viewed and managed at the project level or at the host level.

Adding a Vulnerability to a Host

To add a vulnerability to a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that you want to add a vulnerability to. The single host page appears.
   
3. Click the Vulnerabilities tab. The Vulnerabilities list appears.
   
4. Click the New Vuln button. The New Vulnerability modal window appears.
   
5. Enter a name for the vulnerability in the Name field.
   
6. Click the Add Ref button. The Reference field becomes editable.
   
7. Enter the vulnerability reference ID or URL in the reference field.
   
8. If you have additional references you would like to add for the vulnerability, click on the Add Ref button and repeat the previous step.
9. Click the Submit button when you are done.

Adding a Vulnerability Reference

To add a reference ID to vulnerability:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that has the vulnerability you want to add a reference to. The single host page appears.
   
3. Click the Vulnerabilities tab. The Vulnerabilities list appears.
   
4. Click the Edit icon that is located in the same row as the vulnerability you want to edit. The Edit Vulnerability window appears.
   
5. Click the Edit icon. The Reference field becomes editable.
   
6. Edit the vulnerability reference ID or URL.

7. Click the Submit button when you are done.

Deleting a Vulnerability Reference

To delete a reference ID from a vulnerability:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that has the vulnerability you want to delete a reference from. The single host page appears.
   
3. Click the Vulnerabilities tab. The Vulnerabilities list appears.
   
4. Click the Edit icon that is located in the same row as the vulnerability you want to edit.
   
5. Find the reference you want to delete and click the Delete icon. The reference is removed from the list.
   

Note:  If you have additional references you would like to delete, repeat the previous step until you are done.

6. Click the Submit button when you are done.

Deleting a Vulnerability from a Host

To delete a vulnerability from a host:

1. From within a project, select Analysis > Hosts from the Project Tab bar. The Hosts page appears.
2. Click on the IP address for the host that has the vulnerability you want to delete. The single host page appears.
   
3. Click the Vulnerabilities tab. The Vulnerabilities list appears.
   
4. Click the Delete icon that is located in the same row as the vulnerability you want to remove. A confirmation window appears.
   
5. Click OK to delete the vulnerability. The vulnerability is removed from the list.

Deleting a Vulnerability from All Hosts

To delete a vulnerability from the project:

1. From within a project, select Analysis > Vulnerabilities from the Project Tab bar. The Vulnerabilities page appears.
   
2. Click the Grouped View button in the Quick Tasks bar. The project displays the individual vulnerabilities in the project.
   
3. Select the vulnerabilities you wan to delete from the project.

Note:  When you delete vulnerabilities from the grouped view, it removes them from all of the hosts that currently have them.

4. Click the Delete Vulnerabilities button in the Quick Tasks bar. A confirmation window appears.
   
5. Click OK to continue with the deletion.