Metasploit Cheat Sheet: Master the Modules

Metasploit Cheat Sheet

Hello hacker! We're going to take your pentesting skills to the next level with Metasploit. This powerful framework is a must-have in any ethical hacker's toolkit, so we better get you up to speed quickly. 

Whether you're a seasoned red teamer or just starting out, this cheat sheet will put all the essential commands and modules right at your fingertips. We aim to give you a solid understanding of how the Metasploit Framework works and how to use it effectively.

Download a PDF version of the Metasploit cheat sheet here to keep on your desk. If you're ready to get hacking, read on!

Metasploit Cheat Sheet Search

Search our Metasploit cheat sheet to find the right cheat for the term you're looking for. Simply enter the term in the search bar and you'll receive the matching cheats available.

What Is Metasploit?

Metasploit is a popular open-source framework for creating, testing, and deploying exploits. It is used by hackers (ethical and otherwise) and security researchers to test the security of machines, networks, and infrastructure. 

Metasploit’s collection of exploits, payloads, and tools to conduct penetration testing can speed up the testing process and take on much of the heavy lifting. 

Most of the available tools and exploits only require filling in some basic information, such as the target ip address and port number and possibly operating system or software version of the target. Very little modification is required of the user.

It also has the ability to easily upload files to and download files from a target system, perform network scanning, routing network traffic, and manage multiple sessions at once.

Whether you're a security professional or a student learning about cybersecurity, Metasploit is a valuable tool to have in your arsenal.

Networking Commands

These will allow you to view and manipulate network information and data transmission on a target network.

ipconfig:Show network interface configuration
portfwd:Forward packets
route:View / edit network routing table

Meterpreter Commands

These commands can be used in an existing meterpreter session to enumerate and manipulate you target.

BASIC AND FILE HANDLING COMMANDS
sysinfoDisplay system in formation
psList and display running processes
kil​l (PID)Terminate a running process
getuidDisplay user ID
upload or downloadUpload / download a file
pwd or lpwdPrint working directory ( local / remote)
cd or lcdChange directory ( local or remote)
catDisplay file content
bglistshow background running scripts
bgrunmake a script run in the background
bgkillterminate a background process
backgroundMove active session to background
edit <FILE Name>Edit a file in vi editor
shellAccess shell on the target machine
migrate <PID>Switch to another process
idletimeDisplay idle time of user
screenshotTake a screenshot
clearevClear the system logs
? or HelpHelp sho​wing all the commands
exit / quit :Exit the Meterpreter session
shutdown / rebootRestart the system
useExtension load
channelShow active channels

Metasploit Command Generator

Say goodbye to the hassle of trying to remember the exact syntax for your Metasploit commands! With our Metasploit Command Generator, you can simply say what you need Metasploit to do, and we will generate the command for you.

Process Handling Commands

Gather information on running software and processes on the target machine with these commands.

COMMANDDESCRIPTION
getpid:Display the process ID
getuid:Display the user ID
ps:Display running process
Kill:Stop and terminate a process
getprivsShows multiple privileges as possible
regAccess target machine registry
ShellAccess target machine shell
execute:Run a specified
migrate:Move to a given destination process ID

Interface / Output Commands

View the target desktop and capture keystrokes with these commands.

enumdesktopsShow all available desktops
GetdesktopDisplay current desktop
keyscan_ startStart keylogger in target macahine
Keyscan_ stopStop keylogger in target machine
set _desktopConfigure desktop
keyscan_dumpDump keylogger content

Password Management Commands

Steal user and system passwords.

hashdumpAccess content of password file – Hash file

MSF Venom Command Options

Use these flags to generate reverse shell payloads.

SWITCHSYNTAX DESCRIPTION
-p– p (Payload option)Display payload standard options
– l– l ( list type)List module type i .e payload, encoders
– f– f ( format )output format
– e-e (encoder)Define which encoder to use
-a– a (Architecture or platformDefine which platform to use
-s-s (Space)Define maximum payload capacity
-b-b (characters)Define set of characters not to use
– i– i (Number of times)Define number of times to use encoder
-x-x (File name)Define a custom file to use as template
– o-o (output)Save a payload
– h-hHelp

Conclusion

Metasploit can speed up your pentesting, help organize multiple sessions, and make you a more efficient hacker. By automating many simple but time consuming tasks, you can spend more time focused on enumerating your targets and planning your next attack steps. 

You can master Metasploit with our collection of Ethical Hacking and Penetration Testing courses available in our member’s section. Also read about some of the other top penetration testing tools here.

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.

  • Alishia says:

    Metasploit is an important aid in penetration testing and using it pen testing teams can detect weak spots in a network. Thanks Nathan for sharing this cheat sheet.

  • Milciades says:

    This is a great information. I need to learn more about Metasploit. At the present time I am completing one of your courses. Great course. Thanks.

  • Anthony Wade Nelson-Bey says:

    GRATITUDE NATHATN‼️‼️‼️

    DEFINITELY A GREAT TEACHER!!!

  • >

    StationX Accelerator Pro

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Pro Program. Stay tuned for more!

    StationX Accelerator Premium

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Premium Program. Stay tuned for more!

    StationX Master's Program

    Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Master’s Program. Stay tuned for more!