January 21, 2020

Using the Metasploit Database

Johan Grotherus
Share

Using the Metasploit Database - CybraryThe Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particular useful feature of the Metasploit database is the integration it has with Nmap. You can utilize Nmap scans from within Metasploit and store the results directly in the database. Let's see how this works.Step 1 is to make sure that PostgreSQL is running on your Kali Linux machine.

> service postgresql start

 Step 2 is to verify that Metasploit has a connection to the database.

> msfconsole (to start the Metasploit console)msf> dbstatus (to check the database connection)It should come back as [] postgresql connected to msf3

If the database is not connected, you need to initialize it first.

msf> exit> msfdb init (this is for Kali Linux 2.0)

Then try step 2 again, it should be good now. The first thing to do is to create a new workspace. A workspace is simply just a table in the database to store data in, but it helps you stay organized. You might try to see workspaces as projects or clients. When you have a new client or project, create a new workspace.The workspace command is what you use to to manage workspaces. You can have several workspaces and easily switch between them.

msf> workspace

This gives you the workspace you're currently using. You can easily create a new workspace using the -a flag and delete one with the -d flag. Switching between workspaces is simply done by entering workspace .

msf> workspace -a test (create a workspace named test)msf> workspace -d test (delete workspace named test)msf> workspace test (switch to the workspace test)msf> workspace -r test test2 (rename workspace test to test2)

 Now, it's time to get some Nmap data into your database. You can do this in two ways: either by importing a Nmap scan or by issuing a Nmap scan from within the Metasploit console. To import data, you use the dbimport command. The Nmap scan result file that you import must be in XML format.

msf> dbimport /root/nmapscan.xml (to import a previous Nmap scan result file)

msf > dbimport /root/nmaprouterscan[] Importing 'Nmap XML' data[] Import: Parsing with 'Nokogiri v1.6.6.2'[] Importing host 192.168.1.1[] Successfully imported /root/nmaprouterscanmsf >

Now that we've imported data, let's see what we got. First, we use the hosts command to list all the hosts we have in our database workspace.

msf > hosts

 Hosts=====

address mac name osname osflavor ossp purpose info comments------- --- ---- ------- --------- ----- ------- ---- --------192.168.1.1 08:63:61:8e:8f:4e homerouter.cpe Unknown device

msf >

Second, we check which services we got listed from our imported Nmap scan:

msf > services

 Services========

host port proto name state info---- ---- ----- ---- ----- ----192.168.1.1 22 tcp ssh open192.168.1.1 23 tcp telnet filtered192.168.1.1 53 tcp domain open192.168.1.1 80 tcp http open192.168.1.1 443 tcp https open192.168.1.1 631 tcp ipp filtered192.168.1.1 3000 tcp ppp open192.168.1.1 8081 tcp blackice-icecap filtered

msf >

You can import a lot of different data into the Metasploit database simply by using the dbimport command to get a complete list of available file imports.

msf > dbimportUsage: dbimport [file2...]

Filenames can be globs like .xml, or */.xml, which will search recursively.Currently supported file types include:

AcunetixAmap LogAmap Log -mAppscanBurp Session XMLCIFoundstoneFusionVM XMLIP Address ListIP360 ASPLIP360 XML v3Libpcap Packet CaptureMetasploit PWDump ExportMetasploit XMLMetasploit Zip ExportMicrosoft Baseline Security AnalyzerNeXpose Simple XMLNeXpose XML ReportNessus NBE ReportNessus XML (v1)Nessus XML (v2)NetSparker XMLNikto XMLNmap XMLOpenVAS ReportOpenVAS XMLOutpost24 XMLQualys Asset XMLQualys Scan XMLRetina XMLSpiceworks CSV ExportWapiti XML

msf >

 As you can see, there are a lot of options for importing data into Metasploit. Then, there's the other possibility: executing a Nmap scan from within the Metasploit console. You use the dbnmap command to do this. Here's an example from my home network:

msf > dbnmap 192.168.1.3[

] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-27 20:33 CEST[] Nmap: Nmap scan report for 192.168.1.3[] Nmap: Host is up (0.0014s latency).[] Nmap: Not shown: 995 closed ports[] Nmap: PORT STATE SERVICE[] Nmap: 139/tcp open netbios-ssn[] Nmap: 445/tcp open microsoft-ds[] Nmap: 548/tcp open afp[] Nmap: 5009/tcp open airport-admin[] Nmap: 10000/tcp open snet-sensor-mgmt[] Nmap: MAC Address: 90:72:40:04:88:4B (Apple)[] Nmap: Nmap done: 1 IP address (1 host up) scanned in 91.73 secondsmsf >

 Now, lets check the hosts and services commands again:

msf > hosts

Hosts=====address mac name osname osflavor ossp purpose info comments------- --- ---- ------- --------- ----- ------- ---- --------192.168.1.1 08:63:61:8e:8f:4e homerouter.cpe Unknown device192.168.1.3 90:72:40:04:88:4b Unknown devicemsf >msf > services Services========host port proto name state info---- ---- ----- ---- ----- ----192.168.1.1 22 tcp ssh open192.168.1.1 23 tcp telnet filtered192.168.1.1 53 tcp domain open192.168.1.1 80 tcp http open192.168.1.1 8081 tcp blackice-icecap filtered192.168.1.1 443 tcp https open192.168.1.1 3000 tcp ppp open192.168.1.1 631 tcp ipp filtered192.168.1.3 445 tcp microsoft-ds open192.168.1.3 548 tcp afp open192.168.1.3 5009 tcp airport-admin open192.168.1.3 139 tcp netbios-ssn open192.168.1.3 10000 tcp snet-sensor-mgmt openmsf > As you scan additional hosts or networks, your database will hold more and more information about your target. So, as a last step in this tutorial, I'll mention the dbexport command, which allows you to make a backup. The dbexport command allows for saving your workspace as an XML file or as a pwdump file. The pwdump format is for credentials only; XML format saves everything.

msf > dbexport -f xml /root/testworkspace.xml[

] Starting export of workspace test to /root/testworkspace.xml [ xml ]...[] >> Starting export of report[] >> Starting export of hosts[] >> Starting export of events[] >> Starting export of services[] >> Starting export of web sites[] >> Starting export of web pages[] >> Starting export of web forms[] >> Starting export of web vulns[] >> Starting export of module details[] >> Finished export of report[] Finished export of workspace test to /root/testworkspace.xml [ xml ]...msf >

In my next tutorial I will show more features of the Metasploit database and how you can use them to your advantage.

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More