15 November 2015


by mo

MSFconsole core commands reference


Command Example Description
help help search You can further refine your searches by using the built-in keyword system.
search search freeftpd Note: Specifc to msfconsole (Within a meterpreter session there are different search commands). The msfconsole search function will locate this string within the module names, descriptions, references, etc.
search name: search name:mysql To search using a descriptive name, use the “name” keyword.
search path: search path:scada Use the “path” keyword to search within the module paths.
search platform: search platform:aix You can use “platform” to narrow down your search to modules that affect a specific platform.
search type: search type:post Using the “type” lets you filter by module type such as auxiliary, post, exploit, etc.
  search cve:2011 type:post platform:windows You can also combine multiple keywords together to further narrow down the returned results.
info info exploit/windows/smb/ms09_050_smb2_negotiate_func_index Provides detailed information about a particular module including all options, targets, and other information
show auxiliary show auxiliary Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.
show exploits show exploits Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.
show payloads show payloads Running ‘show payloads’ will display all of the different payloads for all platforms available within Metasploit. As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.
show options show options If you have selected a specific module, you can issue the ‘show options’ command to display which settings are available and/or required for that specific module.
show targets show targets If you aren’t certain whether an operating system is vulnerable to a particular exploit, run the ‘show targets’ command from within the context of an exploit module to see which targets are supported.
use use exploit/windows/smb/ms09_050_smb2_negotiate_func_index When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.
set set payload windows/meterpreter/reverse_tcp set a payloard/ target, etc. within an exploit.
setg setg rhost Set rhost as the global target which will be pre-set for future modules/payloads
loadpath loadpath /home/secret/modules The loadpath command will load a third-part module tree for the path so you can point Metasploit at your 0-day exploits, encoders, payloads, etc.
sessions sessions -h The ‘sessions’ command allows you to list, interact with, and kill spawned sessions. The sessions can be shells, Meterpreter sessions, VNC, etc.
sessions -l sessions -l List all active sessions
sessions -i sessions -i Interact with the supplied session ID
background   background a session from within meterpreter
jobs jobs -h Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
kill kill 2 The kill command will kill any running jobs when supplied with the job id.
previous previous Sets the previously loaded module as the current module
exploit -j exploit -j Force an active module to the background by passing ‘-j’ to the exploit command. Find it again via “sessions -l”