Using the Metasploit Database

August 28, 2015 | Views: 13341


The Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particularly useful feature of the Metasploit database is its integration with Nmap. You can run Nmap scans from within Metasploit and store the results directly in the database.


Let’s see how this works.

Step 1 is to make sure that PostgreSQL is running on your Kali Linux machine.

> service postgresql start


Step 2 is to verify that Metasploit has a connection to the database.

> msfconsole (to start the Metasploit console)
msf> db_status (to check the database connection)
It should come back as [*] postgresql connected to msf3

If the database is not connected, you need to initialize it first.

msf> exit
> msfdb init (this is for Kali Linux 2.0)

Then try step 2 again; it should be good now.


The first thing to do is to create a new workspace. A workspace is simply a table in the database to store data in, but it helps you stay organized. You can think of workspaces as projects or clients: when you have a new client or project, create a new workspace.

The workspace command is what you use to manage workspaces. You can have several workspaces and easily switch between them.

msf> workspace

This gives you the workspace you’re currently using. You can create a new workspace using the -a flag and delete one with the -d flag. To switch between workspaces, enter workspace followed by the name of the workspace.

msf> workspace -a test (create a workspace named test)
msf> workspace -d test (delete workspace named test)
msf> workspace test (switch to the workspace test)
msf> workspace -r test test2 (rename workspace test to test2)


Now, it’s time to get some Nmap data into your database. You can do this in two ways: either by importing an Nmap scan or by running an Nmap scan from within the Metasploit console. To import data, you use the db_import command. The Nmap scan result file that you import must be in XML format.

msf> db_import /root/nmap_scan.xml (to import a previous Nmap scan result file)

msf > db_import /root/nmap_router_scan
[*] Importing ‘Nmap XML’ data
[*] Import: Parsing with ‘Nokogiri v1.6.6.2’
[*] Importing host
[*] Successfully imported /root/nmap_router_scan
msf >

Now that we’ve imported data, let’s see what we got. First, we use the hosts command to list all the hosts we have in our database workspace.

msf > hosts



address  mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------  ---                ----            -------  ---------  -----  -------  ----  --------
         08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device

msf >

Second, we check which services we got listed from our imported Nmap scan:

msf > services



host  port  proto  name             state     info
----  ----  -----  ----             -----     ----
      22    tcp    ssh              open
      23    tcp    telnet           filtered
      53    tcp    domain           open
      80    tcp    http             open
      443   tcp    https            open
      631   tcp    ipp              filtered
      3000  tcp    ppp              open
      8081  tcp    blackice-icecap  filtered

msf >
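To preview what an Nmap XML file contains before running db_import, the sketch below parses the XML and builds rows similar to the hosts and services listings above. It is an added example, not code from the original post or from Metasploit; the sample scan is constructed with documentation addresses, and skipping hosts marked down and lowercasing the MAC address are choices of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format; addresses are documentation values.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><status state="up"/>
  <address addr="192.0.2.1" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:01" addrtype="mac"/>
  <hostnames><hostname name="router.example"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="23"><state state="filtered"/><service name="telnet"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  </ports>
 </host>
 <host><status state="down"/><address addr="192.0.2.2" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(text):
    """Return (hosts, services) row lists built from Nmap XML text."""
    root = ET.fromstring(text)
    # The format matters, not the file extension: require the <nmaprun> root.
    if root.tag != "nmaprun":
        raise ValueError("not Nmap XML: root element is <%s>" % root.tag)
    hosts, services = [], []
    for host in root.findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # assumption of this example: ignore hosts marked down
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        name = host.find("hostnames/hostname")
        hosts.append({"address": ip,
                      "mac": (addrs.get("mac") or "").lower(),
                      "name": name.get("name") if name is not None else ""})
        for port in host.findall("ports/port"):
            state, svc = port.find("state"), port.find("service")
            services.append({"host": ip,
                             "port": int(port.get("portid")),
                             "proto": port.get("protocol"),
                             "name": svc.get("name") if svc is not None else "",
                             "state": state.get("state") if state is not None else "unknown"})
    return hosts, services


if __name__ == "__main__":
    found_hosts, found_services = parse_nmap_xml(SAMPLE_XML)
    for row in found_hosts + found_services:
        print(row)
```

A file that is well-formed XML but not Nmap output (for example a report from another scanner) raises ValueError here instead of producing empty tables.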

You can import a lot of different data into the Metasploit database. Run the db_import command without arguments to get a complete list of the supported file types.

msf > db_import
Usage: db_import [file2…]

Filenames can be globs like *.xml, or **/*.xml, which will search recursively.

Currently supported file types include:

Amap Log
Amap Log -m
Burp Session XML
FusionVM XML
IP Address List
IP360 XML v3
Libpcap Packet Capture
Metasploit PWDump Export
Metasploit XML
Metasploit Zip Export
Microsoft Baseline Security Analyzer
NeXpose Simple XML
NeXpose XML Report
Nessus NBE Report
Nessus XML (v1)
Nessus XML (v2)
NetSparker XML
Nikto XML
Nmap XML
OpenVAS Report
Outpost24 XML
Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

msf >


As you can see, there are a lot of options for importing data into Metasploit. Then, there’s the other possibility: executing an Nmap scan from within the Metasploit console. You use the db_nmap command to do this. Here’s an example from my home network:

msf > db_nmap
[*] Nmap: Starting Nmap 6.49BETA4 ( ) at 2015-08-27 20:33 CEST
[*] Nmap: Nmap scan report for
[*] Nmap: Host is up (0.0014s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 548/tcp open afp
[*] Nmap: 5009/tcp open airport-admin
[*] Nmap: 10000/tcp open snet-sensor-mgmt
[*] Nmap: MAC Address: 90:72:40:04:88:4B (Apple)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 91.73 seconds
msf >


Now, let’s check the hosts and services commands again:

msf > hosts


address  mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------  ---                ----            -------  ---------  -----  -------  ----  --------
         08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device
         90:72:40:04:88:4b                  Unknown                    device

msf >

msf > services



host  port   proto  name              state     info
----  ----   -----  ----              -----     ----
      22     tcp    ssh               open
      23     tcp    telnet            filtered
      53     tcp    domain            open
      80     tcp    http              open
      8081   tcp    blackice-icecap   filtered
      443    tcp    https             open
      3000   tcp    ppp               open
      631    tcp    ipp               filtered
      445    tcp    microsoft-ds      open
      548    tcp    afp               open
      5009   tcp    airport-admin     open
      139    tcp    netbios-ssn       open
      10000  tcp    snet-sensor-mgmt  open

msf >


As you scan additional hosts or networks, your database will hold more and more information about your target. So, as a last step in this tutorial, I’ll mention the db_export command, which allows you to make a backup. The db_export command allows for saving your workspace as an XML file or as a pwdump file. The pwdump format is for credentials only; XML format saves everything.

msf > db_export -f xml /root/test_workspace.xml
[*] Starting export of workspace test to /root/test_workspace.xml [ xml ]…
[*] >> Starting export of report
[*] >> Starting export of hosts
[*] >> Starting export of events
[*] >> Starting export of services
[*] >> Starting export of web sites
[*] >> Starting export of web pages
[*] >> Starting export of web forms
[*] >> Starting export of web vulns
[*] >> Starting export of module details
[*] >> Finished export of report
[*] Finished export of workspace test to /root/test_workspace.xml [ xml ]…
msf >

In my next tutorial I will show more features of the Metasploit database and how you can use them to your advantage.

  1. thanx for the post bro, keep up the good work.

  2. Nicely done. I’d forgotten about workspaces. Wonderful feature of MetaSploit Framework. Easily share among colleagues/teammates and archive offline when moving between client environments.
