Msfconsole Commands

Metasploit msfconsole commands

  • Show all exploits of the Metasploit Framework
show exploits
  • Show all payloads
show payloads
  • Show all auxiliary modules of the Metasploit Framework
show auxiliary
  • Search for exploits or modules
search name
  • Load information about a specific exploit or module
info
  • Load an exploit or module
use name
  • Your local IP address if you are on the same network with the target or the public IP address when you are not
LHOST
  • The IP address of the target
RHOST
  • Set a specific value (for example RHOST or LHOST)
set function
  • Set a specific value globally (for example RHOST or LHOST)
setg function
  • Shows the options that are available for module or exploit
show options
  • shows which platforms can be attacked by the exploit
show targets
  • specify a target index if you know the OS and the service pack
set target num
  • Specify the payload that it will be used
set payload payload
  • Show advanced options
show advanced
  • Automatically migrate a separate process upon exploit completion
set autorunscript migrate -f
  • Determine if the target is vulnerable to an attack
check
  • Execute the module or exploit and attack the target
exploit
  • Run the exploit under the context of the job
exploit -j
  • Do not interact with the session after successful exploitation
exploit -z
  • specify the payload encoder to use (example:exploit -e shikata_ga_nai)
exploit -e encoder
  • Display help for the exploit command
exploit -h
  • List available sessions
sessions -i
  • List all available sessions and show verbose fields,such as which vulnerability was used when exploiting the system
sessions -i -v
  • Run a specific Meterpreter script on all Meterpreter live sessions
sessions -s script
  • Kill all live sessions
sessions -K
  • Execute a command on all live Meterpreter sessions
sessions -c cmd
  • Upgrade a normal Win32 shell to a Meterpreter console
sessions -u sessionID
  • Create a database to use with database-driven attacks (example:db_create autopwn)
db_create name
  • Create and connect to a database for driven attacks (example:db_connect autopwn)
db_connect name
  • Use nmap and place results in database
db_nmap
  • Display help for using db_autopwn
db_autopwn -h
  • Run db_autopwn against all ports found,use a reverse shell and exploit all systems
db_autopwn -p -r -e
  • Delete the current database
db_destroy
  • Delete database using advanced options
db_destroy user:password@host:port/database
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License