LinuxCommandLibrary
GitHub F-Droid Google Play Store

metasploit

penetration testing platform for developing, testing, and executing exploits

TLDR

Start Metasploit console
$ msfconsole
copy
Start without banner
$ msfconsole -q
copy
Execute a resource script at startup
$ msfconsole -r [script.rc]
copy
Initialize the database
$ msfdb init
copy
Run a specific module with inline commands
$ msfconsole -x "use [exploit/multi/handler]; set RHOSTS [target]; run"
copy
Generate a payload with msfvenom
$ msfvenom -p [windows/meterpreter/reverse_tcp] LHOST=[ip] LPORT=[port] -f [exe] -o [payload.exe]
copy
List available payloads
$ msfvenom --list payloads
copy
Search for modules by keyword
$ msfconsole -q -x "search [type:exploit] [platform:windows]"
copy

SYNOPSIS

msfconsole [options]

DESCRIPTION

Metasploit Framework is a penetration testing platform for developing, testing, and executing exploits. It includes a large database of public exploits and payloads for security testing.The framework includes msfconsole (interactive shell), msfvenom (payload generator), and auxiliary tools.

PARAMETERS

-q, --quiet

Don't print banner.
-r file
Resource script file.
-x cmd
Execute command.
-o file
Output to file.
-L
List all available modules, payloads, encoders, or nops.
-n nopsled
Prepend a nopsled of given size to the payload.
-e encoder
Encoder to use.
-p payload
Payload to use (msfvenom).
-f format
Output format (msfvenom): exe, elf, raw, python, c, etc.

COMMON COMMANDS

$ search <term> - Search modules
use <module> - Select module
info - Module details
show options - Display module options
set <opt> <val> - Set option
run / exploit - Execute module
sessions - List active sessions
back - Exit current module
copy

CAVEATS

Requires authorization for use. Database setup recommended. Regular updates needed. Antivirus may flag payloads.

HISTORY

Metasploit was created by H.D. Moore in 2003 as a portable network tool. It was acquired by Rapid7 in 2009 and remains the most popular penetration testing framework.

SEE ALSO

nmap(1), nikto(1), sqlmap(1), hydra(1), wireshark(1)

Copied to clipboard
Kai

AltStyle によって変換されたページ (->オリジナル) /