> For the complete documentation index, see [llms.txt](https://capcap-1.gitbook.io/capcap/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://capcap-1.gitbook.io/capcap/readme/ctf-modules/vulnerability-assessment/msf/databases.md).

# Databases

**Practical flow:**

```bash
msf6 > db_nmap -sV 10.10.10.0/24     # scan whole subnet
msf6 > services -p 445 -R            # filter SMB hosts, auto-set RHOSTS
msf6 > use exploit/windows/smb/...   # now RHOSTS is already populated
msf6 > run
```

```bash
msf6 > hosts -R
# automatically sets RHOSTS to all hosts in DB

msf6 > services -p 445 -R
# sets RHOSTS to only hosts with port 445 open
```

`Databases` in `msfconsole` are used to keep track of your results.

**1. Check/Start PostgreSQL**

```bash
sudo service postgresql status
sudo systemctl start postgresql
```

**2. Initialize MSF database**

```bash
sudo msfdb init       # creates msf user, databases, config file
```

```bash
sudo msfdb status
```

If you get a Bundler error, run `apt update` first, then reinit. If it says "already configured", just check status with `sudo msfdb status`.

**Launch MSF with DB connected**

```bash
sudo msfdb run        # starts msf + connects DB together
```

Or if DB is already set up separately:

```bash
msfconsole -q
msf6 > db_status      # verify connection
```

**Reinit if needed (password issues):**

```bash
msfdb reinit
cp /usr/share/metasploit-framework/config/database.yml ~/.msf4/
sudo service postgresql restart
msfconsole -q
```

**Workspaces**

```bash
workspace              # list all (active one has *)
workspace -a Target_1  # create + switch
workspace Target_1     # switch to existing
workspace -d Target_1  # delete
workspace -D           # delete all
workspace -r old new   # rename
```

***

**Importing Scan Results**

Preferred format is `.xml`. Use `db_import`:

```bash
msf6 > db_import Target.xml
msf6 > hosts       # verify host was imported
msf6 > services    # verify services were imported
```

Or run Nmap **directly inside MSF** and auto-save results:

```bash
msf6 > db_nmap -sV -sS 10.10.10.8
```

Results go straight into `hosts` and `services` tables.

***

**Exporting / Backup**

```bash
msf6 > db_export -f xml backup.xml    # xml or pwdump format
```

Can be reimported later with `db_import`.

***

**The Main Data Commands**

| Command    | What it holds                             |
| ---------- | ----------------------------------------- |
| `hosts`    | All discovered hosts (IP, OS, arch, etc.) |
| `services` | Ports/services per host                   |
| `creds`    | Captured credentials                      |
| `loot`     | Hash dumps, passwd files, shadow files    |
| `vulns`    | Discovered vulnerabilities                |
| `notes`    | Miscellaneous notes                       |

**Useful flags shared across most:**

* `-R` → set RHOSTS directly from results (huge time saver)
* `-S` → search/filter
* `-o file` → export to CSV
* `-a` / `-d` → add or delete entries

**`creds` specifics** — you can manually add:

```bash
creds add user:admin password:pass123
creds add user:admin ntlm:<hash>
creds add user:root ssh-key:/path/to/id_rsa
```

Export in JTR or hashcat format for cracking.

**`loot`** — stores actual file contents (hash dumps, etc.) not just metadata. Add with `-f` (file) and `-i` (info description).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://capcap-1.gitbook.io/capcap/readme/ctf-modules/vulnerability-assessment/msf/databases.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
