NMAP and Metasploit for MS-SQL Auditing by Jose Ruiz NMAP is the best network scanner tool that you can find, period. Also, Metasploit is the #2 security tool today according to sectools.org so it’s a must for any security professional. Both tools can help you find flaws that are present in your systems before the bad guys do. In this article we will learn how to use NMAP and Metasploit to scan and exploit an MS-SQL Server, as a bonus we will see how easy it is to set up an automated log to record your findings, so your reporting duties are a lot easier. Databases are a necessity in this time and age of technology. A database is a collection of information organized in a way that allows the user the use of queries to select any type of data quickly. This data includes usernames, passwords, emails, phone numbers,....