Setting up the Metasploit Framework Database
Need help with implementation or an upcoming project? We offer professional services at reasonable rates to help you with your next network rollout, security audit, architecture design, and more. Click here to find out more.
The Metasploit Framework is an amazing tool, made even better by the fact that we can configure it to connect to a database and save the hosts, services, and other "loot" we've discovered. You don't have to do connect MSF to a database, but if you're going to use it for more than just a one-off task you may as well. Having everything stored in a database also allows us to export the database and move it to another Kali installation, or use it to help write those all-important reports.
In Kali Linux there are a couple things already configured for us, since Kali is a pre-rolled security testing distribution. There are a couple extra steps if you're using a manual Metasploit Framework install on generic Linux like Ubuntu.
Kali Linux Installations
Note: This section was written using the 2016.1 release of Kali Linux.
Kali comes with database services (PostgreSQL) already running and configured, which removes a few steps in the process.
Open a terminal window in Kali Linux and run the msfdb command with the init option to create the Metasploit Framework database:
The msfdb command has a few other options as well:
If for whatever reason you want to just nuke the database and everything in it to start anew you can use the reinit option.
Launch the Metasploit Framework console and check the status of the database connection:
A successfully configured database should result in the output shown below:
That's it for Kali Linux!
Ubuntu LINUX Server INSTALLATIONS
Note: This section was written using the latest Ubuntu Server release as of September 2016.
Assuming you've gone the non-Kali route, there are a couple extra steps when running Metasploit Framework on Ubuntu if you want the database capabilities.
First, make sure PostgreSQL is installed
apt-get install postgresql
Verify that the PostgreSQL service is running:
service restart postgresql
Make sure you have the appropriate access:
Change to the built-in postgres user so you have the rights to create a database:
Create a PostgreSQL "msf" database user that Metasploit Framework can use to connect to the database:
createuser msf -P -S -R -D
Remember the password you entered, you'll need it in a moment.
Create an "msf" database to store the information we discover using Metasploit Framework:
createdb -O msf msf
In your Metasploit Framework directory, under ./config/ there is a database.yml file that must be modified.
In the database.yml file specify the following:
adapter: postgresql database: msf username: msf password: <Your database user's password>
Launch the Metasploit Framework console, then use the db_status command to verify that Metasploit Framework Console is connected to the PostgreSQL database: