1

Is it possible to remove the vulnerabilities in Metasploit Frameworks's database that I have imported from Nexpose and Nessus? I want to remove the vulnerabilities from the database while keeping the services in the database.

I have tried using the command msf > hosts -d 192.168.68.129 -c vulns or msf > hosts -c vulns -r 192.168.68.129. Both of these commands results in the entire host being deleted from the database, not the vulnerabilities.

Improve this question

    2 Answers 2

    Reset to default
    2

    There is no direct way to delete vuln objects from within msfconsole. The best way would be to drop into irb and delete them from there.

    msf exploit(ms08_067_netapi) > irb [*] Starting IRB shell... Loaded ~/.irbrc >> framework.db.vulns => #<ActiveRecord::Associations::CollectionProxy [#<Mdm::Vuln id: 59, host_id: 320, service_id: nil, created_at: "2016-12-30 17:22:01", name: "MS08-067 Microsoft Server Service Relative Path St...", updated_at: "2016-12-30 17:22:01", info: "Exploited by exploit/windows/smb/ms08_067_netapi t...", exploited_at: "2016-12-30 17:22:01", vuln_detail_count: 0, vuln_attempt_count: 1, origin_id: nil, origin_type: nil>]> >> framework.db.vulns.map(&:destroy) => [#<Mdm::Vuln id: 59, host_id: 320, service_id: nil, created_at: "2016-12-30 17:22:01", name: "MS08-067 Microsoft Server Service Relative Path St...", updated_at: "2016-12-30 17:22:01", info: "Exploited by exploit/windows/smb/ms08_067_netapi t...", exploited_at: "2016-12-30 17:22:01", vuln_detail_count: 0, vuln_attempt_count: 1, origin_id: nil, origin_type: nil>] >> framework.db.vulns => #<ActiveRecord::Associations::CollectionProxy []>

    Doing it this way will also remove all the associations with hosts, so you won't have dangling references in the join table like you would if you just deleted them in psql.

    Improve this answer
      1

      Metasploit use postgresql database. So in the worst of the cases, you can drop a sql shell into your database and try to find/delete the undesired rows by manual sql statements.

      Anyway, if you want to remove some available exploit/s, is as simple as deleting it from the file system and then rebuilding the database cache in metasploit db_rebuild_cache. To locate your modules you can use find or locatecommands. Depending of the distro, the files could be in different locations. In my Kali Linux, they are on /usr/share/metasploit-framework/modules and there are a lot of directories with exploits, payloads, etc.

      Improve this answer

        You must log in to answer this question.

        Start asking to get answers

        Find the answer to your question by asking.

        Ask question

        Explore related questions

        See similar questions with these tags.