Metasploit-PostgreSQL Usage Notes

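1. The password for Metasploit's msf database user is stored in database.yml: cat /usr/share/metasploit-framework/config/database.yml

2. In Metasploit, the db_import command imports Nmap scan results into the database; alternatively, run db_nmap to store the scan results in the database directly.

3. The hosts command lists all hosts in the database.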

msf > hosts -h
Usage: hosts [ options ] [addr1 addr2 …]

OPTIONS:
-a,--add Add the hosts instead of searching
-d,--delete Delete the hosts instead of searching
-c Only show the given columns (see list below)
-C Only show the given columns until the next restart (see list below)
-h,--help Show this help information
-u,--up Only show hosts which are up
-o Send output to a file in csv format
-O Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
-i,--info Change the info of a host
-n,--name Change the name of a host
-m,--comment Change the comment of a host
-t,--tag Add or specify a tag to a range of hosts

Available columns: address, arch, comm, comments, created_at, cred_count, detected_arch, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_family, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count, tags

4. The services command shows open ports and related information. The output can be filtered by host, and the -R option sets the matching hosts as RHOSTS.

msf > services -h

Usage: services [-h] [-u] [-a] [-r ] [-p ] [-s ] [-o ] [addr1 addr2 …]

-a,--add Add the services instead of searching
-d,--delete Delete the services instead of searching
-c Only show the given columns
-h,--help Show this help information
-s Search for a list of service names
-p Search for a list of ports
-r Only show [tcp|udp] services
-u,--up Only show services which are up
-o Send output to a file in csv format
-O Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by

Available columns: created_at, info, name, port, proto, state, updated_at
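
To make concrete what an imported Nmap XML file contributes to the hosts and services tables, the following added example (not Metasploit's code and not from the original notes) parses a constructed Nmap -oX sample and applies filters analogous to services -p, -r and -u. The function names, the sample data, and the reading of "up" as Nmap port state "open" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap -oX format; 192.0.2.0/24 is a documentation range.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql"/></port>
  <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
 </ports></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
 <address addr="192.0.2.12" addrtype="ipv4"/>
 <ports><port protocol="udp" portid="161"><state state="open|filtered"/></port></ports></host>
</nmaprun>"""

def attr(elem, name, default):
    """Attribute of an optional child element, or a default when it is absent."""
    return elem.get(name, default) if elem is not None else default

def parse_scan(xml_text):
    """Return (hosts, services) as lists of dicts, keyed on each host's first IP (not its MAC)."""
    hosts, services = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        hosts.append({"address": addr, "state": attr(host.find("status"), "state", "unknown")})
        for port in host.findall("ports/port"):
            services.append({
                "address": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                "state": attr(port.find("state"), "state", "unknown"),
                "name": attr(port.find("service"), "name", ""),  # <service> may be missing
            })
    return hosts, services

def filter_services(services, ports=None, proto=None, up_only=False):
    """Filters analogous to services -p, -r and -u (assumption: "up" means state open)."""
    return [s for s in services
            if (ports is None or s["port"] in ports)
            and (proto is None or s["proto"] == proto)
            and (not up_only or s["state"] == "open")]

if __name__ == "__main__":
    hosts, services = parse_scan(SAMPLE_XML)
    print("up hosts:", [h["address"] for h in hosts if h["state"] == "up"])
    for s in filter_services(services, proto="tcp", up_only=True):
        print(s["address"], s["port"], s["proto"], s["name"])
```

Scan files from other parties should be parsed with a hardened XML parser, since xml.etree.ElementTree does not defend against entity-expansion input.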

Reference: https://www.redspin.com/it-security-blog/2011/09/importing-and-working-with-nmap-scans-in-metasploit-framework-4/