Backing Up and Restoring Metasploit Data

Hardware failures and data loss can happen to anyone. That's why it's critical for you to regularly back up your Metasploit data. Because let's face it, your projects contain very important and sensitive data, and losing that data could have a massively negative impact.

To protect yourself from data loss, you should routinely back up Metasploit so that you can:

  • Repair your copy of Metasploit - Backing up your data can help you repair Metasploit so that you don't lose your configuration settings or any project data.
  • Migrate data between different Metasploit servers - Being able to transfer data between multiple instances of Metasploit can be helpful if you experience any hardware changes or failures.

Backing Up Data

A backup contains everything you need to restore Metasploit to a specific state, such as your application settings and your projects. The only thing that does not migrate is the software version. Your Metasploit instance will stay on its current version.

When you back up Metasploit, everything in the database is compressed into a ZIP file and stored in /path/to/metasploit/apps/pro/backups. The files are not overwritten when you restore Metasploit to a specific backup, so they will be available until you manually delete them or you uninstall Metasploit.

Back up Metasploit data:

  1. Go to Administration > Global Settings.
  2. On the Backups tab, click New Backup.
  3. On the Create a Backup page, enter a name and a description for the backup file. You should provide a clear and concise description so that you can easily identify the contents of each file. This will be helpful when you go to restore a backup and you have multiple files to choose from. The retention policy checkbox is checked by default; it is explained in the Retention Policy section below.
  4. Click the Create Backup button.

When the Backups page appears, you'll see that the backup file has been created. The Status column displays the progress for the backup. When the backup completes, you'll see an alert in Notification Center. You'll need to refresh the page to see the updated status.

Restoring a Backup

A restore reverts your Metasploit server back to the state captured in a backup file. The backup files are platform independent so you can restore data from one operating system to another without any issues.

When you restore a backup file, everything that is currently in your Metasploit instance will be overwritten with the data in the backup file, including your user accounts, loot, reports, and logs. Any data that does not exist in the backup file will be lost.

In order to restore a backup, all the Metasploit processes must be stopped so that the database can be modified. After the database has been restored, the Metasploit services will be restarted and you'll be able to use Metasploit as usual. Don't worry. You don't have to manually shut down your processes. We'll do it for you.

Before you restore a backup, you should check if there are any tasks currently running on the server. During a restore, these tasks will be stopped, so any data that has been collected will be lost. You should alert other users that you plan to restore the system to a previous version of Metasploit, so they can back up the data that they need.

Restore a backup

  1. Go to Administration > Global Settings.
  2. Select the Backups tab.
  3. When the Backups page appears, find the backup you want to restore.
  4. Click the Restore button.
  5. A confirmation window appears and notifies you that you will overwrite everything in your database. Click the Restore button when you are ready.

At this point, all Metasploit services will be stopped, and you'll be directed to a progress page. When the restore is complete, the Metasploit services will be restarted and you'll see a link back to Metasploit.

Running the Restore Script

You can also restore a backup by running the restore script. The backup must first be created using the GUI; backups are stored in /path/to/metasploit/apps/pro/backups.

Restoring on Linux Systems

To restore a backup, you'll need to run the restore script from the diagnostic shell.

Restore Windows Backup on Linux

If you are restoring a Windows backup on a Linux system, you'll need to change the permissions of the ZIP file to make it executable before you can restore it. To change the permissions for a file, run the following:

sudo chmod +x /opt/metasploit/apps/pro/backups/<backup file>.zip

Restore a backup on a Linux system:

  1. Open a terminal.
  2. cd into the Metasploit directory.
     $ cd /opt/metasploit
  3. Run the diagnostic shell as sudo.
     /opt/metasploit$ sudo ./diagnostic_shell
  4. When the bash prompt appears, run the restore script.
     bash-4.3# ./restore
  5. If Metasploit services are still running, you'll be prompted to stop them. Enter Y to continue.
  6. When the list of backups displays, enter the name of the backup file you want to restore.
  7. When the confirmation message appears, enter Y to restore the backup.

The restore process may take a few minutes to complete. When it's done, you'll see the "Restore complete" message. Type exit to close the diagnostic shell.

Restoring on Windows Systems

  1. Go to C:/metasploit and run the restore batch script.
  2. If Metasploit services are still running, you'll be prompted to stop them. Enter Y to continue.
  3. When the list of backups displays, enter the name of the backup file you want to restore.
  4. When the confirmation message appears, enter Y to restore the backup. The restore process may take a few minutes to complete. When it's done, you'll see the "Restore complete" message.
  5. Exit the command prompt.

Restoring to Older Versions of Metasploit

We only support forward compatibility, which means you can restore a backup to the same version or a newer version of Metasploit. For example, if your backup file was created on Metasploit 4.11.6, you cannot restore that file on an older version, like Metasploit 4.11.5. However, you can restore it to a newer version, like Metasploit 4.11.7.

To check the version of your backup, go to the Backups tab and look in the Metasploit Version column.

Logging in after a Backup

When you restore a backup file, everything in your Metasploit instance will be overwritten, including your user accounts. If you have restored the backup file to a different instance of Metasploit, you may not be able to use your old credentials to log in. If you have restored a backup file and can no longer log in to Metasploit, you can run the reset password script to obtain new credentials.

Finding the Backup Files

The backup files are located in /path/to/metasploit/apps/pro/backups.

If you plan to uninstall Metasploit, you should copy the files in this directory to a different location on your machine. If you want to share the backup files with another instance of Metasploit, you can also copy them from this location.
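
Because the backup ZIPs hold user accounts, loot, reports and logs, the copy should stay readable only by its owner and should be checkable for changes before it is restored elsewhere. The following is an added example, not part of the original documentation or the product: the function names, the SHA256SUMS manifest name and the destination path are assumptions, and it expects the sha256sum utility from GNU coreutils.

```shell
#!/bin/sh
# Added example (not vendor code): copy Metasploit backup ZIPs to another
# directory with owner-only permissions and record SHA-256 checksums so the
# copies can be verified before a later restore.
# Assumed names: archive_backups, verify_backups, SHA256SUMS.
#
# Usage (destination path is a constructed example):
#   archive_backups /opt/metasploit/apps/pro/backups /mnt/offline/msf-backups
#   verify_backups  /mnt/offline/msf-backups

archive_backups() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "no such backup dir: $src" >&2; return 1; }
    (
        umask 077                        # anything created here is owner-only
        mkdir -p "$dest" || exit 1
        chmod 700 "$dest" || exit 1      # also tighten a pre-existing directory
        found=0
        for f in "$src"/*.zip; do
            [ -f "$f" ] || continue      # glob matched nothing
            cp -- "$f" "$dest"/ || exit 1
            # Drop the execute bit and any group/other access on the copy.
            chmod 600 "$dest/$(basename -- "$f")" || exit 1
            found=1
        done
        [ "$found" -eq 1 ] || { echo "no backups in $src" >&2; exit 1; }
        # Manifest of every archived ZIP; rewritten on each run.
        cd "$dest" && sha256sum -- *.zip > SHA256SUMS
    )
}

verify_backups() {
    # Exit status is non-zero if any ZIP is missing or its hash has changed.
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null )
}
```

Keep a copy of the manifest somewhere other than the archive directory, since anyone able to modify the ZIPs there can also rewrite SHA256SUMS.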

Backup Schedules

With Metasploit Pro, you have the option to schedule a backup in the future, or at regular intervals.

Scheduling a Backup

In order to schedule a backup, navigate to the Backups tab, and press Schedule Now.

That will open a modal where you can create a schedule.

Backup Schedule Options

There are several options available for backup schedules.

The name for each backup created by the schedule will be whatever is set in Prefix, followed by a timestamp.

Description sets the description for each backup.

Run Backup controls the frequency with which you'd like a backup to be created. There are options for once, hourly, daily, weekly, and monthly.

Depending on your selection for Run Backup, there will be several different scheduling options to fine-tune when exactly you'd like the backups to execute.

The remaining two options are explored further below.

Execution Time Limit

The backup schedule has a task execution time limit so users can set a limit on how many minutes the system will wait for in-progress tasks to finish before creating a backup. When you check the box next to Would you like to wait for running tasks before creating a backup? on the schedule modal, an input field will appear. Upon selection, you must input the maximum amount of time you'd like the system to wait for running tasks at the scheduled backup time.

Editing a Schedule

Any time you have an active schedule, you can re-open the modal to edit or delete the schedule by pressing the button with your schedule details on the backups tab, where the Schedule Backup button used to be.

Retention Policy

If there is an active backup schedule, you have the option to set a retention policy. Since a backup schedule may wind up creating a lot of backups, to reduce disk space/clutter, you can choose to apply a retention policy to your backups.

Setting a Retention Policy

On the backups tab, next to the schedule button, is an option to create a retention policy. Clicking on this will allow you to set options for a retention policy. If you choose to apply a retention policy, you can set how many backups will be kept when the schedule executes. For example, if you set the retention policy to retain 10 backups, when the schedule executes, it will create one backup, then delete all but the 10 newest backups.

Note that any backups with the checkbox in the Retain column checked will not be deleted, and the system will ignore them when determining how many to delete. So in the above example, it will delete all but the 10 newest backups where Retain is not checked.

The Retain Checkbox

When creating a retention policy, you have the option to exempt any backup from the policy, preventing it from being deleted. By default, backups created from a schedule are not exempt, but manually created backups are. You can switch this value manually when you're creating a backup, or from the Retain checkbox in the backups page, as long as a retention policy is active.