MSFconsole core commands reference
| Command | Example | Description | |
|---|---|---|---|
| help | help search | You can further refine your searches by using the built-in keyword system. | |
| search | search freeftpd | Note: Specific to msfconsole (within a Meterpreter session there are different search commands). The msfconsole search function will locate this string within the module names, descriptions, references, etc. | |
| search name: | search name:mysql | To search using a descriptive name, use the “name” keyword. | |
| search path: | search path:scada | Use the “path” keyword to search within the module paths. | |
| search platform: | search platform:aix | You can use “platform” to narrow down your search to modules that affect a specific platform. | |
| search type: | search type:post | Using the “type” keyword lets you filter by module type such as auxiliary, post, exploit, etc. | |
| search | search cve:2011 type:post platform:windows | You can also combine multiple keywords together to further narrow down the returned results. | |
| info | info exploit/windows/smb/ms09_050_smb2_negotiate_func_index | Provides detailed information about a particular module including all options, targets, and other information | |
| show auxiliary | show auxiliary | Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more. | |
| show exploits | show exploits | Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework. | |
| show payloads | show payloads | Running ‘show payloads’ will display all of the different payloads for all platforms available within Metasploit. As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads. | |
| show options | show options | If you have selected a specific module, you can issue the ‘show options’ command to display which settings are available and/or required for that specific module. | |
| show targets | show targets | If you aren’t certain whether an operating system is vulnerable to a particular exploit, run the ‘show targets’ command from within the context of an exploit module to see which targets are supported. | |
| use | use exploit/windows/smb/ms09_050_smb2_negotiate_func_index | When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Any global variables that were previously set are already configured. | |
| set | set payload windows/meterpreter/reverse_tcp | Set a payload, target, etc. within an exploit. | |
| setg | setg rhost 192.168.168.101 | Set rhost as the global target which will be pre-set for future modules/payloads | |
| loadpath | loadpath /home/secret/modules | The loadpath command will load a third-party module tree for the path so you can point Metasploit at your 0-day exploits, encoders, payloads, etc. | |
| sessions | sessions -h | The ‘sessions’ command allows you to list, interact with, and kill spawned sessions. The sessions can be shells, Meterpreter sessions, VNC, etc. | |
| sessions -l | sessions -l | List all active sessions | |
| sessions -i | sessions -i | Interact with the supplied session ID | |
| background | background | Background a session from within Meterpreter. | |
| jobs | jobs -h | Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs. | |
| kill | kill 2 | The kill command will kill any running jobs when supplied with the job id. | |
| previous | previous | Sets the previously loaded module as the current module | |
| exploit -j | exploit -j | Force an active module to the background by passing ‘-j’ to the exploit command. Find it again via “sessions -l” |