Starting Postgres
rt@bt:$ sudo -s
rt@bt:$ postgresql-setup initdb
rt@bt:$ systemctl start postgresql.service
Creating a database user
postgres@bt:$ createuser msf_user -P
Enter password for new role: <btpassword>
Enter it again: <btpassword>
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
Creating a database
postgres@bt:$ createdb --owner=msf_user msf_database
Configure Metasploit
rt@bt:$ msfconsole
msf > db_status
[*] postgresql selected, no connection
msf> db_connect msf_user:btpassword@127.0.0.1:5432/msf_database
NOTICE: CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
[..]
NOTICE: CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"
Enable the database on startup
This is to write the database configuration to a separate configuration file so the password doesn't get printed on the screen during each start of the msfconsole.
$ cat > /opt/metasploit-framework/database.yml << EOFDatabase connection and Workspace
production:
adapter: postgresql
database: msf_database
username: msf_user
password: yourmsfpassword
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5
EOF
$ cat > ~/.msf4/msfconsole.rc << EOF
db_connect -y /opt/metasploit4/config/database.yml
workspace -a YourProject
EOF
Using the database
msf > db_status
[*] postgresql connected to msf_database
msf > db_nmap 192.168.1.0/24
msf > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.1.1 11:22:33:44:55:66 router Linux 2.6.X device
192.168.1.100 22:33:44:55:66:77 mixer Linux 2.6.X device
msf > help databaseTo list databases
Database Backend Commands
=========================
Command Description
------- -----------
creds List all credentials in the database
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_status Show the current database status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces
postgres@bt:$ psql -l
To assign ownership of a database
postgres@bt:$ psql -c "ALTER DATABASE msf_database OWNER TO msf_user;"
To add or change the password for a user
postgres@bt:$ psql -c "ALTER USER msf_user WITH ENCRYPTED PASSWORD 'omgwtfbbq';"
To drop a database
postgres@bt:$ dropdb msf_database
To drop a user
postgres@bt:$ dropuser msf_userpsql commands
select version(); - show the db version
\h - get help
\q - quit