Core Commands
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | Command Description------- -----------? Help menubanner Display an awesome metasploit bannercd Change the current working directorycolor Toggle colorconnect Communicate with a hostdebug Display information useful for debuggingexit Exit the consolefeatures Display the list of not yet released features that can be opted in toget Gets the value of a context-specific variablegetg Gets the value of a global variablegrep Grep the output of another commandhelp Help menuhistory Show command historyload Load a framework pluginquit Exit the consolerepeat Repeat a list of commandsroute Route traffic through a sessionsave Saves the active datastoressessions Dump session listings and display information about sessionsset Sets a context-specific variable to a valuesetg Sets a global variable to a valuesleep Do nothing for the specified number of secondsspool Write console output into a file as well the screenthreads View and manipulate background threadstips Show a list of useful productivity tipsunload Unload a framework pluginunset Unsets one or more context-specific variablesunsetg Unsets one or more global variablesversion Show the framework and console library version numbers |
Module Commands
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | Command Description------- -----------advanced Displays advanced options for one or more modulesback Move back from the current contextclearm Clear the module stackfavorite Add module(s) to the list of favorite modulesinfo Displays information about one or more moduleslistm List the module stackloadpath Searches for and loads modules from a pathoptions Displays global options or for one or more modulespopm Pops the latest module off the stack and makes it activeprevious Sets the previously loaded module as the current modulepushm Pushes the active or list of modules onto the module stackreload_all Reloads all modules from all defined module pathssearch Searches module names and descriptionsshow Displays modules of a given type, or all modulesuse Interact with a module by name or search term/index |
Job Commands
1 2 3 4 5 6 | Command Description------- -----------handler Start a payload handler as jobjobs Displays and manages jobskill Kill a jobrename_job Rename a job |
Resource Script Commands
1 2 3 4 | Command Description------- -----------makerc Save commands entered since start to a fileresource Run the commands stored in a file |
Database Backend Commands
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | Command Description------- -----------analyze Analyze database information about a specific address or address rangedb_connect Connect to an existing data servicedb_disconnect Disconnect from the current data servicedb_export Export a file containing the contents of the databasedb_import Import a scan result file (filetype will be auto-detected)db_nmap Executes nmap and records the output automaticallydb_rebuild_cache Rebuilds the database-stored module cache (deprecated)db_remove Remove the saved data service entrydb_save Save the current data service connection as the default to reconnect on startupdb_status Show the current data service statushosts List all hosts in the databaseloot List all loot in the databasenotes List all notes in the databaseservices List all services in the databasevulns List all vulnerabilities in the databaseworkspace Switch between database workspaces |
Credentials Backend Commands
1 2 3 | Command Description------- -----------creds List all credentials in the database |
Developer Commands
1 2 3 4 5 6 7 8 | Command Description------- -----------edit Edit the current module or a file with the preferred editorirb Open an interactive Ruby shell in the current contextlog Display framework.log paged to the end if possiblepry Open the Pry debugger on the current module or Frameworkreload_lib Reload Ruby library files from specified pathstime Time how long it takes to run a particular command |
msfconsole
msfconsole is the primary interface to Metasploit Framework. There is quite a
lot that needs go here, please be patient and keep an eye on this space!
Building ranges and lists
Many commands and options that take a list of things can use ranges to avoid
having to manually list each desired thing. All ranges are inclusive.
Ranges of IDs
Commands that take a list of IDs can use ranges to help. Individual IDs must be
separated by a , (no space allowed) and ranges can be expressed with either- or ...
Ranges of IPs
There are several ways to specify ranges of IP addresses that can be mixed
together. The first way is a list of IPs separated by just a (ASCII space),
with an optional ,. The next way is two complete IP addresses in the form ofBEGINNING_ADDRESS-END_ADDRESS like 127.0.1.44-127.0.2.33. CIDR
specifications may also be used, however the whole address must be given to
Metasploit like 127.0.0.0/8 and not 127/8, contrary to the RFC.
Additionally, a netmask can be used in conjunction with a domain name to
dynamically resolve which block to target. All these methods work for both IPv4
and IPv6 addresses. IPv4 addresses can also be specified with special octet
ranges from the NMAP target specification
Examples
Terminate the first sessions:
1 | sessions -k 1 |
Stop some extra running jobs:
1 | jobs -k 2-6,7,8,11..15 |
Check a set of IP addresses:
1 | check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255 |
Target a set of IPv6 hosts:
1 | set RHOSTS fe80::3990:0000/110, ::1-::f0f0 |
Target a block from a resolved domain name:
1 | set RHOSTS www.example.test/24 |
