Ultimate Metasploit Framework Cheatsheet
A comprehensive reference guide for penetration testers using the Metasploit Framework.
Introduction to Metasploit
The Metasploit Framework is an open-source penetration testing framework maintained by Rapid7 and the security community. It provides a structured environment for developing and executing exploit code.
Core Components
- MSFconsole – The main CLI interface.
- Modules – Pre-packaged exploits and tools.
- Tools – Standalone utilities (msfvenom).
- Libraries – Rex, Msf::Core, Msf::Base.
Module Types
- Exploits – Code that leverages a vulnerability.
- Payloads – Code that runs after exploitation.
- Auxiliary – Scanners, fuzzers, and sniffers.
- Post – Post-exploitation modules.
Installation & Setup
On Kali Linux (Pre-installed)
Ensure your framework is up to date:
Update Metasploit
Start the Console
Initialize Database
Metasploit uses PostgreSQL to store results. Start it before MSF:
Basic Commands
| Command | Description |
|---|---|
| help | Show available commands |
| version | Show framework version |
| banner | Display the ASCII banner |
| connect | Netcat-like connection tool |
| spool [file] | Save console output to file |
| save | Save current environment settings |
| exit | Exit the console |
MSFconsole Commands
These commands are used to navigate modules and configure exploits.
| Command | Description |
|---|---|
| search [term] | Search for modules |
| use [module] | Select a module to use |
| info | Display detailed module info |
| show options | Show required parameters |
| set [opt] [val] | Set a specific option |
| setg [opt] [val] | Set a global option |
| unset [opt] | Unset an option |
| back | Go back to main menu |
| exploit / run | Execute the module |
| check | Check if target is vulnerable |
You can use resource [file.rc] to run a script file containing multiple Metasploit commands automatically.
Working with Modules
Finding Modules
Common Search Filters
| Filter | Example |
|---|---|
| type: | exploit, payload, auxiliary, post |
| platform: | windows, linux, android, php |
| name: | smb, apache, ssh |
| cve: | 2017, 2021 |
| rank: | excellent, great, normal |
Example: EternalBlue
Database Commands
Payloads Reference
Payloads are the code that runs on the target machine upon successful exploitation.
| Payload Name | Type |
|---|---|
| windows/meterpreter/reverse_tcp | Staged Windows Reverse Shell |
| windows/x64/meterpreter/reverse_tcp | 64-bit Windows Reverse Shell |
| linux/x86/meterpreter/reverse_tcp | Linux Reverse Shell |
| php/meterpreter/reverse_tcp | Web Server (PHP) Shell |
| android/meterpreter/reverse_tcp | Android APK Shell |
| cmd/unix/reverse_netcat | Netcat-based Shell |
Exploitation & Handlers
Setting up a Listener (Multi Handler)
Used to catch reverse shells generated by msfvenom.
Post-Exploitation
Actions to perform after getting a session.
Session Management
Inside a Session
Post Modules
Meterpreter Commands
| Command | Description |
|---|---|
| upload [src] [dst] | Upload file to target |
| download [src] [dst] | Download file from target |
| search -f [file] | Search for files |
| shell | Drop into system shell (cmd/bash) |
| execute -f [cmd] | Run a command |
| screenshot | Take desktop screenshot |
| keyscan_start | Start keylogger |
| keyscan_dump | Dump keystrokes |
| hashdump | Dump SAM database hashes |
Auxiliary Modules
Useful for scanning and enumeration before exploitation.
SMB Version Scanner
SSH Login Brute Force
Pivoting & Tunnelling
Auto Route
Route traffic through a compromised host to reach an internal network.