Introduction
The Metasploit Framework is a powerful tool used for penetration testing and security research. While it can be used without a database, connecting it to a database like PostgreSQL significantly enhances its capabilities. A database allows you to store information about hosts, discovered services, vulnerabilities, and collected evidence (loot). This makes managing data across large assessments much more efficient.
In this lab, you will learn the fundamental steps to configure and use the Metasploit database. You will initialize the database service, verify the connection, and learn how to use workspaces to keep your projects organized.
Initialize the Metasploit Database with msfdb init
In this step, you will initialize the Metasploit database. The Metasploit Framework includes a handy script called msfdb to manage the PostgreSQL database. The init command will start the PostgreSQL service, create a dedicated database and user for Metasploit, and save the connection details so the framework can use them automatically.
You need to run this command with sudo because it manages system services and creates database users.
Open a terminal and execute the following command:
sudo msfdb init
You will see output indicating that the database is being initialized. This process might take a moment. The output should look similar to this, confirming that the database user, database, and configuration file have been created.
[+] Starting database
[+] Creating database user 'msf'
[+] Creating database 'msf'
[+] Creating database 'msf_test'
[+] Creating configuration file '/home/labex/.msf4/database.yml'
[+] Creating initial database schema
This command only needs to be run once. After this, the database will be ready for Metasploit to use.
Verify Database Connection Status with db_status
In this step, you will verify that Metasploit is successfully connected to the database you just initialized. To do this, you first need to launch the Metasploit Framework console, which is the primary interface for interacting with Metasploit.
Launch the console by typing msfconsole in your terminal:
msfconsole
After a moment, you will see the msf6 > prompt, indicating that the console is ready.
Now, to check the database connection status, use the db_status command inside the Metasploit console:
db_status
If the connection is successful, you will see a confirmation message.
[*] postgresql connected to msf
This confirms that Metasploit is properly connected to its database and ready to store data. For now, we will stay inside the msfconsole for the next steps.
Create a New Workspace for a Project
In this step, you will learn how to create a new workspace. Workspaces are one of the most useful features of the Metasploit database. They act as separate containers for your data, allowing you to keep different penetration testing engagements or projects completely isolated from one another. By default, you start in a workspace named default.
To create a new workspace, you use the workspace command with the -a flag (which stands for "add"), followed by the name of the new workspace. Let's create a workspace named project_alpha.
Inside the msfconsole prompt, run the following command:
workspace -a project_alpha
Metasploit will confirm that the workspace has been added and will automatically switch you to the new workspace.
[*] Added workspace: project_alpha
[*] Workspace: project_alpha
Now, any data you collect—such as host information, scan results, or credentials—will be stored within the project_alpha workspace, keeping it separate from the default workspace.
List All Available Workspaces
In this step, you will list all the available workspaces in the database. This is useful for seeing all your current projects and identifying which one you are currently working in.
To list all workspaces, simply run the workspace command without any arguments.
Inside the msfconsole prompt, execute the command:
workspace
The output will show a list of all workspaces. The current workspace is marked with an asterisk (*). You should see both the default workspace and the project_alpha workspace you created in the previous step.
default
* project_alpha
This command gives you a quick overview of your projects and helps you keep track of your current context.
Switch Between Different Workspaces
In this step, you will learn how to switch between different workspaces. As you work on multiple projects, you will frequently need to change your active workspace to access the data associated with a specific engagement.
To switch to a different workspace, use the workspace command followed by the name of the workspace you want to activate. Let's switch back to the default workspace.
Inside the msfconsole prompt, run this command:
workspace default
Metasploit will confirm the switch with a message.
[*] Workspace: default
You can verify the switch by running the workspace command again. You will see the asterisk (*) is now next to default.
workspace
* default
project_alpha
You have now successfully switched your working context. To exit the Metasploit console and return to the regular terminal, type exit:
exit
Summary
Congratulations on completing this lab! You have learned the essential skills for managing the Metasploit database, which is a critical part of using the framework effectively for professional engagements.
In this lab, you covered:
- Initializing the PostgreSQL database for Metasploit using
sudo msfdb init. - Launching the Metasploit console with
msfconsole. - Verifying the database connection with the
db_statuscommand. - Creating new, isolated project environments using
workspace -a <name>. - Listing all available workspaces with the
workspacecommand. - Switching between different workspaces using
workspace <name>.
Properly using the database and workspaces will help you stay organized and efficient during your penetration testing activities.
