Here is a list with the most often used commands of Metasploit Framework console.

Metasploit Framework Console Commands List

show exploits

Show all exploits of the Metasploit Framework

show payloads

Show all payloads

show auxiliary

Show all auxiliary modules of the Metasploit Framework

search name

Search for exploits or modules


Load information about a specific exploit or module

use name

Load an exploit or module


Your local IP address if you are on the same network with the target or  the public IP address when you are not


The IP address of the target

set function

Set a specific value (for example RHOST or LHOST)

setg function

Set a specific value globally (for example RHOST or LHOST)

show options

Shows the options that are available for module or exploit

show targets

shows which platforms can be attacked by the exploit

set target num

specify a target index if you know the OS and the service pack

set payload payload

Specify the payload that it will be used

show advanced

Show advanced options

set autorunscript migrate -f

Automatically migrate a separate process upon exploit completion


Determine if the target is vulnerable to an attack


Execute the module or exploit and attack the target

exploit -j

Run the exploit under the context of the job

exploit -z

Do not interact with the session after successful exploitation

exploit -e encoder

specify the payload encoder to use (example:exploit -e shikata_ga_nai)

exploit -h

Display help for the exploit command

sessions -i

List available sessions

sessions -i -v

List all available sessions and show verbose fields,such as which vulnerability was used when exploiting the system

sessions -s script

Run a specific Meterpreter script on all Meterpreter live sessions

sessions -K

Kill all live sessions

sessions -c cmd

Execute a command on all live Meterpreter sessions

sessions -u sessionID

Upgrade a normal Win32 shell to a Meterpreter console

db_create name

Create a database to use with database-driven attacks (example:db_create autopwn)

db_connect name

Create and connect to a database for driven attacks (example:db_connect autopwn)


Use nmap and place results in database

db_autopwn -h

Display help for using db_autopwn

db_autopwn -p -r -e

Run db_autopwn against all ports found,use a reverse shell and exploit all systems


Delete the current database

db_destroy user:password@host:port/database

Delete database using advanced options


  1. I like the cheatsheet. Thanks for that. Would you be able to put examples for each command as well for the newbies?

    For instance, when importing nmap XML results into the Framework.
    msf> db_connect postgres:user@
    msf> db_import nmapresults.xml

    Another command I use often just to make sure I’m connected correctly is:
    msf> db_status

  2. Well Mary this is just for reference when working with the metasploit so thats why I didn’t put any examples.

    However in future articles you will be able to see the examples that you need from the images from our lab.So you will not only have an example of the command but a scenario of how to use it and why.

    I hope that this should work for you.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s