
Msploitego – Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating it and creating specific entities for services. Services such as samba, smtp, snmp and http have their own transforms for further enumeration. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database.

Requirements

  • Python 2.7
  • Has only been tested on Kali Linux
  • software installations:
    • Metasploit
    • nmap
    • enum4linux
    • smtp-check
    • nikto

Installation

  • Check out the project and update the transform path inside Maltego
  • In Maltego, import the config from msploitego/src/msploitego/resources/maltego/msploitego.mtz

General Use

Using exported Metasploit XML file

  • Run a db_nmap scan in Metasploit, or import a previous scan:
    • msf> db_nmap -vvvv -T5 -A -sS -ST -Pn
    • msf> db_import /path/to/your/nmapfile.xml
  • Export the database to an XML file:
    • msf> db_export -f xml /path/to/your/output.xml
  • In Maltego, drag a MetasploitDBXML entity onto the graph.
  • Update the entity with the path to your Metasploit database file.
  • Run the MetasploitDB transform to enumerate hosts.
  • From there, several transforms are available to enumerate the services and vulnerabilities stored in the Metasploit DB.
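
To show what the exported file gives a transform to work with, here is an added example (not msploitego's own code) that reads a Metasploit XML export and groups open services by name, which is the grouping that decides whether a samba, smtp, snmp or http transform applies. The element names are an assumption about the `db_export -f xml` layout, the sample data is constructed, and `child_text` and `open_services_by_name` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample; element names follow the layout that
# `db_export -f xml` is assumed to write (hosts/host/services/service).
SAMPLE_EXPORT = """<MetasploitV4>
  <hosts>
    <host>
      <address>192.0.2.10</address>
      <services>
        <service><port>445</port><proto>tcp</proto><state>open</state><name>microsoft-ds</name></service>
        <service><port>161</port><proto>udp</proto><state>open</state><name>snmp</name></service>
        <service><port>23</port><proto>tcp</proto><state>closed</state><name>telnet</name></service>
      </services>
    </host>
    <host>
      <address>192.0.2.20</address>
      <services>
        <service><port>80</port><proto>tcp</proto><state>open</state><name>http</name></service>
        <service><port>25</port><proto>tcp</proto><state>open</state><name/></service>
      </services>
    </host>
  </hosts>
</MetasploitV4>"""


def child_text(node, tag):
    """Return stripped child text; empty string if the element is missing or empty."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""


def open_services_by_name(xml_data):
    """Map service name -> sorted (address, port, proto) tuples for open ports."""
    grouped = defaultdict(list)
    for host in ET.fromstring(xml_data).findall("./hosts/host"):
        address = child_text(host, "address")
        for svc in host.findall("./services/service"):
            port = child_text(svc, "port")
            if child_text(svc, "state") != "open" or not port.isdigit():
                continue  # skip closed/filtered ports and malformed rows
            name = child_text(svc, "name") or "unknown"  # unnamed service
            grouped[name].append((address, int(port), child_text(svc, "proto")))
    return {name: sorted(rows) for name, rows in grouped.items()}


if __name__ == "__main__":
    for name, rows in sorted(open_services_by_name(SAMPLE_EXPORT).items()):
        print(name, rows)
```

Services that were fingerprinted without a name land under `unknown`, so they stay visible for manual review instead of being dropped. Use the standard-library parser only on exports you produced yourself, since it does not limit entity expansion.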

Using Postgres

  • Drag and drop a Postgresql DB entity onto the canvas and enter the DB details.
  • Run the Postgresql transforms directly against a running DB.

Notes

  • Instead of running a nikto scan directly from Maltego, I’ve opted to include a field for a Nikto XML file. Nikto can take a long time to run, so it is best to manage that directly from the OS.


TODO’s

  • Connect directly to the postgres database – in progress
  • Much, much, much more transforms for actions on generated entities.


About the author

Mazen Elzanaty
