Metasploit Database

Every time we are running a module, Metasploit database is being updated with data. This is an
amazing feature of Metasploit, because it is impossible to remember all this information. There
are specific commands to pull information from the Metasploit database. Some of them we have
already seen them during our tests.

Pull information

  • hosts command will list all of the hosts in the database,
  • notes command will output the notes that Metasploit has for each host,
  • services command will display the identified services on the target machines,
  • vulns will list all of the discovered vulnerabilities for each target machine,
  • creds will list all stored credentials.

To get more help and details about each command you can issue the command in
msfconsole, followed by parameter -h.

Administering Metasploit Databases
Commands to administer databases.

  • db_create username:passwd@localhost/dbname, create a new database,
  • db_connect username:passwd@localhost/dbname, connect to a database,
  • db_disconnect, disconnect from database,
  • db_destroy username:passwd@localhost/dbname, to delete the specified database,

This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.