The Metasploit Framework uses a built-in database to store and manage information collected during a penetration test. This helps you keep track of hosts, services, credentials, and sessions across your engagement.
Purpose of the Database
The database stores all discovered data during a session, such as:
- Hosts and IPs scanned or attacked
- Open ports and services detected
- Vulnerabilities found
- Loot and extracted files
- Credentials like usernames and password hashes
- Sessions created by payloads
You can query this data directly from msfconsole.
Initializing the Metasploit Database
Before using the Metasploit database, you may need to initialize it. This sets up the PostgreSQL backend and creates the default database used by Metasploit.
For First-Time Setup
Run the following command outside msfconsole:
msfdb initThis command:
- Initializes the PostgreSQL database
- Sets up required tables and users
- Links the database to the Metasploit Framework
After that, you can start and check the status:
msfdb startThen confirm the connection inside msfconsole:
db_statusYou should see:
[*] Connected to msf. Connection type: postgresql.
If db_status says disconnected, re-run msfdb start or check the database service manually.
Key Commands
You can interact with the database directly in msfconsole using these commands:
hosts # List all scanned hosts
services # View discovered services on hosts
vulns # List all found vulnerabilities
creds # Show captured usernames and passwords
loot # Display downloaded or extracted files
sessions # List current meterpreter or shell sessions
db_nmap # Run nmap and store results directly in the database
workspace # Switch between separate project environmentsEach command shows structured results that are stored and updated automatically.
Workspaces
Workspaces allow you to create separate environments to manage multiple assessments.
workspaceTo create or switch workspaces:
workspace -a client1 # Add a new workspace
workspace client1 # Switch to it
workspace # Show current workspaceThis keeps your data organized by project or target.
Scanning with db_nmap
You can run an Nmap scan from within msfconsole using db_nmap. This saves scan results directly into the database.
db_nmap -sV -O 10.10.10.5This runs a service/version scan and OS detection on the target. Results (like IP, ports, OS, services) are automatically stored.
Once scanned, use database commands to view and explore that data.
Using hosts, services, and Related Commands
After scanning or exploiting, your database fills with useful info.
Check discovered hosts:
hostsSample output:
Hosts
=====
address mac name os_name os_flavor
------- --- ---- ------- ---------
10.10.10.5 00:0c:29:2f:39:ad target1 Linux Ubuntu
Check services running on a host:
services -h # show help and filters
services # show all services
services 10.10.10.5Sample output:
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
10.10.10.5 22 tcp ssh open OpenSSH 7.2p2
10.10.10.5 80 tcp http open Apache httpd 2.4.18
Check vulnerabilities found:
vulnsSee saved credentials:
credsDisplay loot files (like dumped password files):
lootList active or old sessions:
sessions