Database Management in Metasploit

Overview

The database in Metasploit serves as a central repository for managing scan results, vulnerabilities, credentials, and other information collected during penetration tests. Leveraging the database streamlines workflows, enhances organization, and integrates seamlessly with scanning tools like Nmap.

Setting Up PostgreSQL

Metasploit uses PostgreSQL as its backend database. Below are the steps to configure and connect Metasploit with PostgreSQL.

  1. Check PostgreSQL Status:

    • Verify that PostgreSQL is installed and running:

      sudo service postgresql status
    • Output should display Active: active (exited).

  2. Start PostgreSQL:

    • If PostgreSQL is not running, start it:

      sudo systemctl start postgresql
  3. Initialize the Metasploit Database:

    • Configure the database schema:

      sudo msfdb init
    • This creates the database user msf and prepares the schema.

  4. Troubleshooting:

    • If initialization fails, ensure all dependencies are up to date:

      sudo apt update && sudo msfdb init
  5. Verify Database Connection:

    • Open Metasploit and check the database status:

      msfconsole -q
      db_status
    • Output should display:

      [*] Connected to msf. Connection type: PostgreSQL.

Using the Database

The Metasploit database allows testers to store, query, and manage data efficiently. Here’s how to leverage it for penetration testing.

Key Commands:

Command
Description

db_status

Check the database connection status.

db_connect

Manually connect to a database.

db_disconnect

Disconnect from the database.

db_export <file>

Export the database contents to a file.

db_import <file>

Import scan results or data from a file.

hosts

View a list of discovered hosts.

services

List services running on discovered hosts.

creds

View stored credentials.

loot

Manage and view gathered files or data.

Workspaces

Workspaces help organize data by project, IP range, or domain.

  1. List Workspaces:

    workspace
  2. Create a New Workspace:

    workspace -a <workspace_name>
  3. Switch Between Workspaces:

    workspace <workspace_name>
  4. Delete a Workspace:

    workspace -d <workspace_name>
  5. Help Menu for Workspaces:

    workspace -h

Importing Scan Results

Metasploit integrates with tools like Nmap to directly import scan results into the database.

  1. Importing Nmap Results:

    db_import <nmap_scan.xml>
  2. Use Nmap Directly from Metasploit:

    db_nmap -sS -sV <target_ip>
  3. Viewing Imported Data:

    • List discovered hosts:

      hosts
    • List services running on hosts:

      services

Exporting and Backing Up Data

  1. Export Database Contents:

    • Export all stored data to a file:

      db_export -f xml <filename>.xml
  2. Import Previously Exported Data:

    • Restore data from an XML file:

      db_import <filename>.xml
  3. Backing Up Workspaces:

    • Backup specific workspaces for later reuse.

Common Use Cases

  1. Storing Scanned Hosts and Services:

    • Use db_nmap to scan a network and populate the database:

      db_nmap -Pn -sV 192.168.1.0/24
    • View the results:

      hosts
      services
  2. Credential Management:

    • Automatically store discovered credentials:

      creds
  3. Collaborative Penetration Testing:

    • Use the database to synchronize data across team members by sharing exports.

  4. Tracking Progress Across Engagements:

    • Separate each client’s data using workspaces.


Command Cheatsheet

Command
Description

db_status

Check if the database is connected.

db_connect

Connect to the database manually.

db_import <file>

Import Nmap or Nessus scan results.

db_export <file>

Export database content to a file.

workspace

List or manage workspaces.

hosts

Display discovered hosts.

services

List services running on discovered hosts.

creds

View stored credentials.