Here is a list with the most often used commands of Metasploit Framework console.
Metasploit Framework Console Commands List
Show all exploits of the Metasploit Framework
Show all payloads
Show all auxiliary modules of the Metasploit Framework
Search for exploits or modules
Load information about a specific exploit or module
Load an exploit or module
Your local IP address if you are on the same network with the target or the public IP address when you are not
The IP address of the target
Set a specific value (for example RHOST or LHOST)
Set a specific value globally (for example RHOST or LHOST)
Shows the options that are available for module or exploit
shows which platforms can be attacked by the exploit
set target num
specify a target index if you know the OS and the service pack
set payload payload
Specify the payload that it will be used
Show advanced options
set autorunscript migrate -f
Automatically migrate a separate process upon exploit completion
Determine if the target is vulnerable to an attack
Execute the module or exploit and attack the target
Run the exploit under the context of the job
Do not interact with the session after successful exploitation
exploit -e encoder
specify the payload encoder to use (example:exploit -e shikata_ga_nai)
Display help for the exploit command
List available sessions
sessions -i -v
List all available sessions and show verbose fields,such as which vulnerability was used when exploiting the system
sessions -s script
Run a specific Meterpreter script on all Meterpreter live sessions
Kill all live sessions
sessions -c cmd
Execute a command on all live Meterpreter sessions
sessions -u sessionID
Upgrade a normal Win32 shell to a Meterpreter console
Create a database to use with database-driven attacks (example:db_create autopwn)
Create and connect to a database for driven attacks (example:db_connect autopwn)
Use nmap and place results in database
Display help for using db_autopwn
db_autopwn -p -r -e
Run db_autopwn against all ports found,use a reverse shell and exploit all systems
Delete the current database
Delete database using advanced options
I like the cheatsheet. Thanks for that. Would you be able to put examples for each command as well for the newbies?
For instance, when importing nmap XML results into the Framework.
msf> db_connect postgres:firstname.lastname@example.org/msf3
msf> db_import nmapresults.xml
Another command I use often just to make sure I’m connected correctly is:
Well Mary this is just for reference when working with the metasploit so thats why I didn’t put any examples.
However in future articles you will be able to see the examples that you need from the images from our lab.So you will not only have an example of the command but a scenario of how to use it and why.
I hope that this should work for you.
db_autopwn was removed last year so should be removed from the list so as not to confuse people.