Using databases in Metasploit
It is always a better approach to store the results when you perform penetration testing. This will help us build a knowledge base about hosts, services, and the vulnerabilities in the scope of a penetration test. In order to achieve this functionality, we can use databases in Metasploit. Connecting a database to Metasploit also speeds up searching and improves response time. The following screenshot depicts a search when the database is not connected:
In order to use databases, we need to start the Metasploit database service using the following command:
root@kali:~# service postgresql start root@kali:~#msfdbinit
The service postgresql start command initializes the PostgreSQLdatabase service and the msfdbinit command initializes and creates the PostgreSQL database for Metasploit.
Once the databases are created and initialized, we can quickly fire up Metasploit using the following command:
root@kali:~#msfconsole
This command will fire up Metasploit, as shown in the following screenshot:
To find out the status of the databases, we can use the following command:
msf>db_status
The preceding command will check whether the database is connected and is ready to store the scan results or not. We can see in the preceding screenshot that the database is connected and it will store all the results.
Next, if we want to connect to a database other than the default one, we can change the database using the following command:
db_connect
Typing the preceding command will display its usage methods, as we can see in the following screenshot:
In order to connect to a database, we need to supply a username, password, and a port with the database name along with the db_connect command.
Let us see what other core database commands are supposed to do. The following table will help us understand these database commands:
|
Command |
Usage information |
|
|
This command is used to interact with databases other than the default one |
|
|
This command is used to export the entire set of data stored in the database for the sake of creating reports or as an input to another tool |
|
|
This command is used for scanning the target with NMAP, and storing the results in the Metasploit database |
|
|
This command is used to check whether the database connectivity is present or not |
|
|
This command is used to disconnect from a particular database |
|
|
This command is used to import results from other tools such as Nessus, NMAP, and so on |
|
|
This command is used to rebuild the cache if the earlier cache gets corrupted or is stored with older results |
Now that we have seen the database commands, let us move further and perform an NMAP scan on the target:
In the preceding screenshot, using db_nmap will automatically store all the results in the Metasploit database. In the command at the top of the preceding screenshot, the -sV switch denotes a service scan from NMAP on the target, while the -p switch denotes the port numbers to be included in the scan.
We can see that there are numerous open ports on the target IP address. Let us list the services running on ports using services command as follows:
We can see that we have numerous services running on the target. Let us filter the currently running services using the services -u command as follows:
We can always list all the hosts in the database using hosts command as follows:
Note
For more information on databases, refer to https://www.offensive-security.com/metasploit-unleashed/using-databases/
