Skip to main content

Database & Workspace


Overview​

Metasploit's PostgreSQL backend tracks hosts, services, credentials, and loot across a session. Without it, MSF still works but you lose all tracking and import capabilities. Always initialize the database before starting a mission.


Initialize the Database​

# Start and initialize msfdb (first time, or after a Kali reinstall)
sudo msfdb init

# If already initialized but not running
sudo msfdb start

# Check status
sudo msfdb status

Verify the database is connected once inside msfconsole:

msf6 > db_status
[*] Connected to msf. Connection type: postgresql.

If db_status returns No database: exit, run sudo msfdb start, relaunch.


Workspaces​

Workspaces isolate host/service/credential data between missions or target networks. Use a separate workspace per mission/target.

# List workspaces
msf6 > workspace

# Create a new workspace
msf6 > workspace -a <MISSION_NAME>

# Switch to a workspace
msf6 > workspace <MISSION_NAME>

# Delete a workspace
msf6 > workspace -d <MISSION_NAME>

# Rename current workspace
msf6 > workspace -r <OLD_NAME> <NEW_NAME>
Naming Convention

Use something meaningful: workspace -a 262COS_MSNNAME_YYYYMMDD. Makes it easy to archive and recall data during AAR.


Importing Scan Data​

Rather than re-running discovery inside MSF, import Nmap XML output directly. This populates hosts and services without running a single MSF scan.

# Run Nmap and output XML (from Kali terminal)
nmap -sV -sC -oX /tmp/scan_results.xml <TARGET_RANGE>
# Import into current workspace
msf6 > db_import /tmp/scan_results.xml
[*] Importing 'Nmap XML' data
[*] Import complete

# Or run Nmap directly through MSF (populates DB automatically)
msf6 > db_nmap -sV -sC <TARGET_RANGE>

Querying the Database​

Once populated (via import or module runs), query what MSF knows about the target environment.

Hosts​

msf6 > hosts
msf6 > hosts -c address,os_name,os_flavor # Specific columns
msf6 > hosts -S <SEARCH_TERM> # Search by OS, hostname, etc.
msf6 > hosts -R # Set RHOSTS to all known hosts

Services​

msf6 > services
msf6 > services -p 445 # Filter by port
msf6 > services -s smb # Filter by service name
msf6 > services -u # Show only up/open services
msf6 > services -R # Set RHOSTS from results

Credentials​

msf6 > creds                                   # All captured credentials
msf6 > creds -t password # Plaintext only
msf6 > creds -t ntlm # NTLM hashes only

Loot​

msf6 > loot                                    # Files and data captured by modules

Vulns​

msf6 > vulns                                   # Vulnerabilities identified by modules

Setting RHOSTS from Database Results​

Rather than manually typing target IPs, pull them directly from the database:

# Set RHOSTS to all hosts in DB
msf6 > hosts -R

# Set RHOSTS to hosts with SMB open
msf6 > services -p 445 -u -R

Exporting Data​

# Export all workspace data to XML
msf6 > db_export -f xml /tmp/msf_export_MSNNAME.xml

# Export credentials only
msf6 > creds -o /tmp/creds_export.csv

Database Maintenance​

# Rebuild the cache (if search is slow or modules aren't showing)
msf6 > reload_all

# Wipe a workspace clean (keeps workspace, removes all data)
msf6 > workspace -d <NAME>
msf6 > workspace -a <NAME>