Hello hacker! We’re going to take your pentesting skills to the next level with Metasploit. This powerful framework is a must-have in any ethical hacker’s toolkit, so we better get you up to speed quickly.
Whether you’re a seasoned red teamer or just starting out, this cheat sheet will put all the essential commands and modules right at your fingertips. We aim to give you a solid understanding of how the Metasploit Framework works and how to use it effectively.
Download a PDF version of the Metasploit cheat sheet here to keep on your desk. If you’re ready to get hacking, read on!
What Is Metasploit?
Metasploit is a popular open-source framework for creating, testing, and deploying exploits. It is used by hackers (ethical and otherwise) and security researchers to test the security of machines, networks, and infrastructure.
Metasploit’s collection of exploits, payloads, and tools to conduct penetration testing can speed up the testing process and take on much of the heavy lifting.
Most of the available tools and exploits only require filling in some basic information, such as the target ip address and port number and possibly operating system or software version of the target. Very little modification is required of the user.
It also has the ability to easily upload files to and download files from a target system, perform network scanning, routing network traffic, and manage multiple sessions at once.
Whether you’re a security professional or a student learning about cybersecurity, Metasploit is a valuable tool to have in your arsenal.
Networking Commands
These will allow you to view and manipulate network information and data transmission on a target network.
| ipconfig: | Show network interface configuration |
| portfwd: | Forward packets |
| route: | View / edit network routing table |
Meterpreter Commands
These commands can be used in an existing meterpreter session to enumerate and manipulate you target.
| BASIC AND FILE HANDLING COMMANDS | |
|---|---|
| sysinfo | Display system in formation |
| ps | List and display running processes |
| kill (PID) | Terminate a running process |
| getuid | Display user ID |
| upload or download | Upload / download a file |
| pwd or lpwd | Print working directory ( local / remote) |
| cd or lcd | Change directory ( local or remote) |
| cat | Display file content |
| bglist | show background running scripts |
| bgrun | make a script run in the background |
| bgkill | terminate a background process |
| background | Move active session to background |
| edit <FILE Name> | Edit a file in vi editor |
| shell | Access shell on the target machine |
| migrate <PID> | Switch to another process |
| idletime | Display idle time of user |
| screenshot | Take a screenshot |
| clearev | Clear the system logs |
| ? or Help | Help showing all the commands |
| exit / quit : | Exit the Meterpreter session |
| shutdown / reboot | Restart the system |
| use | Extension load |
| channel | Show active channels |
Metasploit Command Generator
Say goodbye to the hassle of trying to remember the exact syntax for your Metasploit commands! With our Metasploit Command Generator, you can simply say what you need Metasploit to do, and we will generate the command for you.
Process Handling Commands
Gather information on running software and processes on the target machine with these commands.
| COMMAND | DESCRIPTION |
|---|---|
| getpid: | Display the process ID |
| getuid: | Display the user ID |
| ps: | Display running process |
| Kill: | Stop and terminate a process |
| getprivs | Shows multiple privileges as possible |
| reg | Access target machine registry |
| Shell | Access target machine shell |
| execute: | Run a specified |
| migrate: | Move to a given destination process ID |
Interface / Output Commands
View the target desktop and capture keystrokes with these commands.
| enumdesktops | Show all available desktops |
| Getdesktop | Display current desktop |
| keyscan_ start | Start keylogger in target macahine |
| Keyscan_ stop | Stop keylogger in target machine |
| set _desktop | Configure desktop |
| keyscan_dump | Dump keylogger content |
Password Management Commands
Steal user and system passwords.
| hashdump | Access content of password file – Hash file |
MSF Venom Command Options
Use these flags to generate reverse shell payloads.
| SWITCH | SYNTAX | DESCRIPTION |
|---|---|---|
| -p | – p (Payload option) | Display payload standard options |
| – l | – l ( list type) | List module type i .e payload, encoders |
| – f | – f ( format ) | output format |
| – e | -e (encoder) | Define which encoder to use |
| -a | – a (Architecture or platform | Define which platform to use |
| -s | -s (Space) | Define maximum payload capacity |
| -b | -b (characters) | Define set of characters not to use |
| – i | – i (Number of times) | Define number of times to use encoder |
| -x | -x (File name) | Define a custom file to use as template |
| – o | -o (output) | Save a payload |
| – h | -h | Help |
Conclusion
Metasploit can speed up your pentesting, help organize multiple sessions, and make you a more efficient hacker. By automating many simple but time consuming tasks, you can spend more time focused on enumerating your targets and planning your next attack steps.
You can master Metasploit with our collection of Ethical Hacking and Penetration Testing courses available in our member’s section. Also read about some of the other top penetration testing tools here.
Metasploit is an important aid in penetration testing and using it pen testing teams can detect weak spots in a network. Thanks Nathan for sharing this cheat sheet.
This is a great information. I need to learn more about Metasploit. At the present time I am completing one of your courses. Great course. Thanks.
GRATITUDE NATHATN‼️‼️‼️
DEFINITELY A GREAT TEACHER!!!