Database Management in Metasploit
Overview
The database in Metasploit serves as a central repository for managing scan results, vulnerabilities, credentials, and other information collected during penetration tests. Leveraging the database streamlines workflows, enhances organization, and integrates seamlessly with scanning tools like Nmap.
Setting Up PostgreSQL
Metasploit uses PostgreSQL as its backend database. Below are the steps to configure and connect Metasploit with PostgreSQL.
Check PostgreSQL Status:
Verify that PostgreSQL is installed and running:
sudo service postgresql status
Output should display Active: active (exited).
Start PostgreSQL:
If PostgreSQL is not running, start it:
sudo systemctl start postgresql
Initialize the Metasploit Database:
Configure the database schema:
sudo msfdb init
This creates the database user msf and prepares the schema.
Troubleshooting:
If initialization fails, ensure all dependencies are up to date:
sudo apt update && sudo msfdb init
Verify Database Connection:
Open Metasploit and check the database status:
msfconsole -q
db_status
Output should display:
[*] Connected to msf. Connection type: PostgreSQL.
Using the Database
The Metasploit database allows testers to store, query, and manage data efficiently. Here’s how to leverage it for penetration testing.
Key Commands:
db_status            Check the database connection status.
db_connect           Manually connect to a database.
db_disconnect        Disconnect from the database.
db_export <file>     Export the database contents to a file.
db_import <file>     Import scan results or data from a file.
hosts                View a list of discovered hosts.
services             List services running on discovered hosts.
creds                View stored credentials.
loot                 Manage and view gathered files or data.
Workspaces
Workspaces help organize data by project, IP range, or domain.
List Workspaces:
workspace
Create a New Workspace:
workspace -a <workspace_name>
Switch Between Workspaces:
workspace <workspace_name>
Delete a Workspace:
workspace -d <workspace_name>
Help Menu for Workspaces:
workspace -h
Importing Scan Results
Metasploit integrates with tools like Nmap to directly import scan results into the database.
Importing Nmap Results:
db_import <nmap_scan.xml>
Use Nmap Directly from Metasploit:
db_nmap -sS -sV <target_ip>
Viewing Imported Data:
List discovered hosts:
hosts
List services running on hosts:
services
Exporting and Backing Up Data
Export Database Contents:
Export all stored data to a file:
db_export -f xml <filename>.xml
Import Previously Exported Data:
Restore data from an XML file:
db_import <filename>.xml
Backing Up Workspaces:
Back up specific workspaces for later reuse.
Common Use Cases
Storing Scanned Hosts and Services:
Use db_nmap to scan a network and populate the database:
db_nmap -Pn -sV 192.168.1.0/24
View the results:
hosts
services
Credential Management:
Automatically store discovered credentials:
creds
Collaborative Penetration Testing:
Use the database to synchronize data across team members by sharing exports.
Tracking Progress Across Engagements:
Separate each client’s data using workspaces.
Command Cheatsheet
db_status            Check if the database is connected.
db_connect           Connect to the database manually.
db_import <file>     Import Nmap or Nessus scan results.
db_export <file>     Export database content to a file.
workspace            List or manage workspaces.
hosts                Display discovered hosts.
services             List services running on discovered hosts.
creds                View stored credentials.