Database & Workspace
Overviewβ
Metasploit's PostgreSQL backend tracks hosts, services, credentials, and loot across a session. Without it, MSF still works but you lose all tracking and import capabilities. Always initialize the database before starting a mission.
Initialize the Databaseβ
# Start and initialize msfdb (first time, or after a Kali reinstall)
sudo msfdb init
# If already initialized but not running
sudo msfdb start
# Check status
sudo msfdb status
Verify the database is connected once inside msfconsole:
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
If db_status returns No database: exit, run sudo msfdb start, relaunch.
Workspacesβ
Workspaces isolate host/service/credential data between missions or target networks. Use a separate workspace per mission/target.
# List workspaces
msf6 > workspace
# Create a new workspace
msf6 > workspace -a <MISSION_NAME>
# Switch to a workspace
msf6 > workspace <MISSION_NAME>
# Delete a workspace
msf6 > workspace -d <MISSION_NAME>
# Rename current workspace
msf6 > workspace -r <OLD_NAME> <NEW_NAME>
Use something meaningful: workspace -a 262COS_MSNNAME_YYYYMMDD. Makes it easy to archive and recall data during AAR.
Importing Scan Dataβ
Rather than re-running discovery inside MSF, import Nmap XML output directly. This populates hosts and services without running a single MSF scan.
# Run Nmap and output XML (from Kali terminal)
nmap -sV -sC -oX /tmp/scan_results.xml <TARGET_RANGE>
# Import into current workspace
msf6 > db_import /tmp/scan_results.xml
[*] Importing 'Nmap XML' data
[*] Import complete
# Or run Nmap directly through MSF (populates DB automatically)
msf6 > db_nmap -sV -sC <TARGET_RANGE>
Querying the Databaseβ
Once populated (via import or module runs), query what MSF knows about the target environment.
Hostsβ
msf6 > hosts
msf6 > hosts -c address,os_name,os_flavor # Specific columns
msf6 > hosts -S <SEARCH_TERM> # Search by OS, hostname, etc.
msf6 > hosts -R # Set RHOSTS to all known hosts
Servicesβ
msf6 > services
msf6 > services -p 445 # Filter by port
msf6 > services -s smb # Filter by service name
msf6 > services -u # Show only up/open services
msf6 > services -R # Set RHOSTS from results
Credentialsβ
msf6 > creds # All captured credentials
msf6 > creds -t password # Plaintext only
msf6 > creds -t ntlm # NTLM hashes only
Lootβ
msf6 > loot # Files and data captured by modules
Vulnsβ
msf6 > vulns # Vulnerabilities identified by modules
Setting RHOSTS from Database Resultsβ
Rather than manually typing target IPs, pull them directly from the database:
# Set RHOSTS to all hosts in DB
msf6 > hosts -R
# Set RHOSTS to hosts with SMB open
msf6 > services -p 445 -u -R
Exporting Dataβ
# Export all workspace data to XML
msf6 > db_export -f xml /tmp/msf_export_MSNNAME.xml
# Export credentials only
msf6 > creds -o /tmp/creds_export.csv
Database Maintenanceβ
# Rebuild the cache (if search is slow or modules aren't showing)
msf6 > reload_all
# Wipe a workspace clean (keeps workspace, removes all data)
msf6 > workspace -d <NAME>
msf6 > workspace -a <NAME>