The following steps demonstrate the setting up of a database:
- First, we start the postgresql server using the following command:
service postgresql start
The following screenshot shows the output of the preceding command:
- Then, we create the database and initialize it:
msfdb init
- Once this is done, we load msfconsole. Now we can create and manage workspaces in Metasploit. A workspace can be considered a space where we can save all out Metasploit data with categorizations. To set up a new workspace, we use the following command:
workspace -a workspacename
The following screenshot shows the output of the preceding command:
- To see all the commands related to the workspace, we can execute this:
workspace -h
- Now that we have our database and workspace set up, we can use various commands to interact with the database.
- To import an existing Nmap scan into our database, we use the following command:
db_import path/to/nmapfile.xml
The following screenshot shows the output of the preceding command:
- Once the import is complete, we can view the hosts using the following command:
hosts
The following screenshot shows the output of the preceding command:
- To view only the IP address and OS type, we use the following command:
hosts -c address,os_flavor
The following screenshot shows the output of the preceding command:
- Now suppose we want to perform a TCP auxiliary scan. We can set all these hosts as RHOSTS for an auxiliary too. We do this using the following command:
hosts -c address,os_flavor -R
The following screenshot shows the output of the preceding command:
- As the RHOSTS have been set, they can be used across the Metasploit for any module required.
- Let's look at one more example where our imported Nmap scan already has all the data we need. We can use the following command to list all the services in the database:
services
- To see only those services that are up, we can use the -u switch:
- We can even see the list by specific ports using the -p switch:
