Metasploit PostgreSQL Database Integration Demo
The Metasploit Framework is a powerful tool for penetration testing, but a default installation without a database is like a library with no catalog. While it's functional, finding what you need and organizing your findings is inefficient. To solve this, Metasploit has built-in support for a PostgreSQL database to act as its backend. Integrating a database transforms Metasploit from a simple collection of exploits into a full-fledged penetration testing data management system.
When connected to a database, Metasploit can store information about hosts, discovered services, vulnerabilities, gathered credentials, and successfully exploited sessions. This creates a structured environment called a **workspace**, allowing testers to manage engagement data efficiently, track their progress, and easily reuse gathered information across different modules without having to manually re-enter it. Using the database is considered a best practice and is essential for any serious or professional use of the framework.
Core Functionalities of the Database Integration
Connecting a database unlocks a suite of features that significantly enhance the testing workflow:
- Workspace Management: Workspaces are like separate project folders within the database. You can create a new workspace for each penetration test to keep all the data—hosts, services, loot, etc.—for that engagement completely separate from others. This is critical for organization and reporting.
- Data Persistence: All the information you gather is saved. If you close `msfconsole` and reopen it later, you can reconnect to your workspace and all your discovered hosts, services, and credentials will still be there.
- Loot and Credential Storage: When a host is successfully compromised, any data you collect (e.g., password hashes from a SAM dump, configuration files, sensitive documents) is automatically stored in the database as "loot." Credentials found are parsed and stored in a dedicated table, which can then be used by other modules for attacks like password spraying.
- Faster Module Searching and Caching: With a database connected, Metasploit creates a cached search index of all its modules. This makes the `search` command significantly faster than it is in non-database mode.
- Automated Data Import: Metasploit can import the results from popular third-party scanners like Nmap, Nessus, and OpenVAS. When you import a scan file, Metasploit automatically populates the database with all the discovered hosts, open ports, and identified vulnerabilities, giving you an immediate, actionable picture of your target environment.
Key Database Commands (The `db_*` Suite)
All database-related commands within the `msfconsole` are prefixed with `db_`. Here are the most essential commands and their functions.
1. Managing the Database Connection
These commands are used to initialize and manage the connection to the PostgreSQL service.
- `db_status`: Checks and displays the current connection status to the database.

  ```
  msf6 > db_status
  [*] postgresql connected to msf_database
  ```

- `db_connect`: Manually connect to a database if one isn't already connected. You typically provide a connection string in the format `user:password@host:port/database`.

  ```
  msf6 > db_connect user:pass@127.0.0.1:5432/msf_database
  ```

- `db_disconnect`: Disconnects from the current database without shutting down `msfconsole`.

  ```
  msf6 > db_disconnect
  ```

- `db_rebuild_cache`: If you've added new custom modules or feel the search index is out of sync, this command rebuilds the module search cache.

  ```
  msf6 > db_rebuild_cache
  ```
2. Managing Workspaces and Data
These commands are for interacting with the data inside your connected database.
- `workspace`: The primary command for managing workspaces. Used alone, it lists all available workspaces. With flags, it can add, delete, or switch between them.

  ```
  # List workspaces
  msf6 > workspace
  # Add a new workspace
  msf6 > workspace -a project_alpha
  # Switch to the new workspace
  msf6 > workspace project_alpha
  # Delete a workspace
  msf6 > workspace -d project_alpha
  ```

- `db_import <file>`: Imports a scan file from another tool. Metasploit will automatically parse the file and add the data to your current workspace.

  ```
  msf6 > db_import /path/to/nmap_scan.xml
  ```

- `hosts`: Lists all the hosts that have been discovered and stored in the current workspace. You can use flags to filter and format the output.

  ```
  msf6 > hosts
  msf6 > hosts -c address,os_name
  ```

- `services`: Lists all the services (ports and protocols) discovered on the hosts in your workspace.

  ```
  msf6 > services
  msf6 > services -p 80,443 -c info
  ```

- `vulns`: Lists all the vulnerabilities that have been identified, either through imported scans or by Metasploit's own scanner modules.

  ```
  msf6 > vulns
  ```

- `creds`: Lists all the credentials (usernames, passwords, hashes) that have been collected and stored in the database.

  ```
  msf6 > creds
  ```

- `loot`: Lists all the non-credential data that has been exfiltrated from compromised systems, such as files, screenshots, and command outputs.

  ```
  msf6 > loot
  ```

- `db_nmap <nmap arguments>`: Runs an Nmap scan directly from `msfconsole` and automatically imports the results into the database. This is a convenient shortcut that combines two steps into one.

  ```
  msf6 > db_nmap -sV -A 192.168.1.0/24
  ```