The Metasploit Framework Console (MSFConsole) is a Command-Line Interface (CLI) and the primary way to interact with Metasploit. Some novice users may find it difficult to use, mainly those not used to working with CLI-driven applications.
Metasploit's context-specific syntax can be confusing at first, so we've written this guide to help explain the core concepts you'll need to understand. Once you've learned a few basic Metasploit commands, you'll be able to leverage hundreds of modules to scan systems and perform exploits.
In this article, we'll cover:
- How to work with modules
- Configuring parameters
- Running exploits and payloads
- The PostgreSQL database
- Frequently Asked Questions (FAQ)
Let's begin!
Navigation and Basic Commands
In this guide, we'll be running Metasploit Framework on a Kali Linux virtual appliance since it comes pre-loaded (along with a few hundred other useful tools and utilities). Metasploit Framework can also be installed as a stand-alone application for other Linux distributions, macOS and Windows.
Starting the Metasploit Framework Console
You can start the Metasploit Framework Console by searching for and launching the metasploit framework app from the Applications menu.
You can also start Metasploit in Kali Linux by opening a terminal console (CTRL+ALT+T) and typing sudo msfdb init && msfconsole.
We can break this command down into three basic parts:
- Firstly, the sudo command is used to elevate privileges
- Next, the msfdb init command initializes the Metasploit PostgreSQL database (used to save testing data)
- Lastly, the logical "AND" operator (&&) tells it to launch the Metasploit Framework console with msfconsole if the previous command was successful
Upon launch, an ASCII art banner is displayed each time you run the MSFConsole, but you can also display a new one using the banner command.
If you'd prefer to launch MSFConsole without a banner, you can do so using the -q switch.
There are several other switches available for the msfconsole command; you can use -h to display them all.
The command prompt will differ depending on the Metasploit version you're using. In Metasploit versions 5 and 6, the MSFConsole command prompt is appended with the version number (e.g., "msf5 >" or "msf6 >"), whereas earlier versions appeared as "msf >" without the version number.
From here, you can enter commands to interact with the console.
Getting Help
The first command you should familiarize yourself with is help, which displays a list of available commands in the MSFConsole.
To learn more about a specific command, you can run help followed by the name of the command you'd like to learn more about, e.g., help module.
Searching for Modules
There are thousands of available modules in Metasploit. You can use the search command to narrow down that list. Typing help search or search -h will display a full list of options available.
Below are some commonly used parameters:
- Name (no parameters): If you want to cast a wide net, you can simply type search followed by a keyword, e.g., search portscan
- CVE: Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities for specific software applications and libraries, each given a unique identifier or CVE ID, e.g., search cve:2021-45046
- Type: Narrow down your search to particular module types, such as auxiliary modules (i.e., scanners) or exploit modules, e.g., search type:auxiliary mysql
Obtaining Information About Modules
Once you've identified a module you're interested in using, you can use the info command to find out more about it.
How to Use Modules
Once you've selected a module, you can load it with the use command.
This appends the prompt with the module name in red.
Backing Out of Modules
You can unload a module using the back command.
Exiting MSFConsole
Using the exit command will close your connection to the MSFConsole, returning you to the terminal.
Configuring Module Parameters
Now that we've covered how to search for and use modules, we're going to explain how to configure them.
Displaying Module Options
Each module has a list of parameters or options you can configure. Some of these are mandatory, and others are optional.
After loading a module with the use command, you can type options (or show options) to display a list of available parameters and their descriptions.
If you want to verify the value of a specific parameter, you can do so using the get command.
Show Advanced Options
To view any advanced options that may be available for a given module, you can use the show advanced command.
Setting Module Parameters
Before you can use a module to scan or exploit a target, it needs to be configured for your specific use case. You can use the set command to update the value of a parameter.
We know from its parameter description that "RHOSTS" represents the remote (read: target) host's IP (192.168.5.122 in my test lab). You can override any previously set parameter value by running the set command again, or clear it with the unset command.
Setting Global Variables
You'll notice that some parameters, such as RHOSTS, appear over and over again across multiple modules. Rather than repeatedly entering the RHOSTS value for each new module we load, we can use the setg (as in, "set global") command.
In the example above, we set the RHOSTS global value to "192.168.5.122", loaded a new module, and checked the value of RHOSTS using the get command. The output verified that it was already configured to our custom value.
Running Modules and Exploits
Once you've configured all parameters marked as "required" for the module you've loaded, you can execute it using either the run or exploit command.
After running an exploit, the results will be displayed, letting you know whether the module ran successfully or not.
Searching for Payloads
Some exploits require a payload (additional code used to interact with the target). You can use the show payloads command to view the available payloads for your exploit module.
Selecting a Payload
You can select a payload by using the set payload command, using either its name or number.
In the example above, we've configured the exploit to open a reverse perl shell on the target after exploiting a known vulnerability on that target's FTP server.
Useful Database Commands
As mentioned previously in this guide, Metasploit supports using a PostgreSQL database to store information captured during a penetration testing session.
Note: You can run the Metasploit Framework Console without being connected to a database. However, some commands that require a running database (e.g., db_nmap) won't be usable.
Checking the Database Status
The db_status command will display whether or not the Metasploit database is running.
Importing and Exporting Data
At some point, you'll want to get data into and out of the Metasploit database. Some examples of data you might want to work with in Metasploit include network scan results (e.g., Nmap) and vulnerability assessments (e.g., Nessus, OpenVAS).
You can use the db_import command to import data into your Metasploit database and db_export to export data. For syntax and a full list of supported file types, you can use the -h switch (i.e., db_import -h).
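Before importing scan results with db_import, it helps to confirm which hosts the file actually contains. The following Python script is an added example, not part of the original guide: it reads Nmap XML output and separates live hosts inside an authorized test range from any that fall outside it. The function name summarize_scan, the sample XML and the 10.0.0.5 address are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (nmap -oX); not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.5.122" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>"""


def summarize_scan(xml_text, authorized_cidrs):
    """Split live hosts into (in_scope, out_of_scope); each entry is (ip, open_ports)."""
    scope = [ipaddress.ip_network(cidr) for cidr in authorized_cidrs]
    in_scope, out_of_scope = [], []
    # ElementTree is fine for your own scan files; use defusedxml for untrusted XML.
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # skip hosts that are down or have no IPv4 address
        open_ports = []
        for port in host.iter("port"):
            state, service = port.find("state"), port.find("service")
            if state is not None and state.get("state") == "open":
                name = service.get("name") if service is not None else "unknown"
                open_ports.append((int(port.get("portid")), name))
        ip = ipaddress.ip_address(addr.get("addr"))
        bucket = in_scope if any(ip in net for net in scope) else out_of_scope
        bucket.append((str(ip), open_ports))
    return in_scope, out_of_scope


if __name__ == "__main__":
    ok, stray = summarize_scan(SAMPLE_XML, ["192.168.5.0/24"])
    for ip, ports in ok:
        print("in scope:    ", ip, ports)
    for ip, ports in stray:
        print("OUT OF SCOPE:", ip, ports)
```

Any host reported as out of scope is worth removing from the file, or at least questioning, before the results are stored alongside the rest of the engagement data.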
Using Nmap in Conjunction With Your Metasploit Database
Metasploit can run Nmap against targets and save the results to the database. Simply run db_nmap followed by any Nmap switches you'd like to use.