The Metasploit Framework is the industry standard for penetration testing and exploit development. Mastery of its command-line interface (msfconsole) is essential for locating vulnerabilities and managing compromised systems.
Here are the top 10 Metasploit commands every security professional must know.

1. search
Locates specific modules, exploits, payloads, or plugins within the Metasploit database.
Why it matters: It saves time by filtering thousands of modules using keywords, CVE IDs, platform names, or module types.
Example: search cve:2020 platform:windows type:exploit

2. use
Selects and activates a specific module for configuration and execution.
Why it matters: It shifts your active context to the chosen exploit, auxiliary tool, or post-exploitation module.
Example: use exploit/windows/smb/ms17_010_eternalblue

3. show
Displays lists of available modules, options, targets, or advanced configurations.
Why it matters: Its output changes with the current context, showing global settings or the requirements of the selected module.
Example: show options or show payloads

4. set / setg
Assigns a value to a variable required by the current module (set) or globally across all modules (setg).
Why it matters: It configures critical attack parameters such as the target address (RHOSTS) and your listening address (LHOST).
Example: set RHOSTS 192.168.1.50 or setg LHOST 192.168.1.20

5. check
Tests whether a target system is vulnerable to the selected exploit without actually executing the attack.
Why it matters: It avoids unnecessary system crashes or detection by verifying patch levels safely. Not every module implements check; if the selected one does not, msfconsole says so.
Example: check

6. exploit / run
Triggers the execution of the currently configured module.
Why it matters: exploit is traditionally used to launch attacks, while run is used for auxiliary scanners, but they are generally interchangeable.
Example: exploit -z (on success, sends the new session to the background instead of interacting with it)

7. sessions
Lists, interacts with, or kills active communication channels established with compromised targets.
Why it matters: It lets you switch between multiple compromised machines and background or foreground active shells.
Example: sessions -i 1 (interacts with session ID 1)

8. getuid
Displays the username and privilege level under which the Metasploit payload is running on the target system.
Why it matters: It tells you immediately whether you have standard user access or full administrative/root privileges (such as NT AUTHORITY\SYSTEM).
Example: getuid (Meterpreter context)

9. sysinfo
Gathers vital statistics about the compromised machine, including OS version, architecture, and language.
Why it matters: It provides the foundational information needed to select post-exploitation tools or privilege escalation exploits.
Example: sysinfo (Meterpreter context)

10. hashdump
Extracts local user account password hashes from the target's credential store (such as the SAM database on Windows).
Why it matters: It allows you to harvest credentials for offline cracking or to perform "Pass-the-Hash" attacks to move laterally through a network.
Example: hashdump (Meterpreter context)
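As an added example (not from the original article): the pwdump-style lines that hashdump prints (user:RID:LMhash:NThash:::) can be parsed to turn a dump into the remediation findings a report needs, such as accounts with a blank password, accounts that still store an LM hash, and accounts that share one password. The sample lines and hashes are constructed; the two constants are the well-known NT hash of an empty password and the LM value Windows stores when LM hashing is disabled.

```python
import re
from collections import defaultdict

# Well-known NT hash of an empty password (MD4 of the empty UTF-16LE string).
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"
# Well-known LM value stored when LM hashing is disabled (the default on modern Windows).
DISABLED_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"

# One hashdump record: user:RID:LM:NT:::
LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)

def parse_hashdump(text):
    """Parse pwdump-style lines; blank and malformed lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            records.append({"user": m["user"], "rid": int(m["rid"]),
                            "lm": m["lm"].lower(), "nt": m["nt"].lower()})
    return records

def credential_findings(records):
    """Report blank passwords, stored LM hashes, and NT hashes shared by several accounts."""
    blank = sorted(r["user"] for r in records if r["nt"] == EMPTY_NT_HASH)
    lm_stored = sorted(r["user"] for r in records if r["lm"] != DISABLED_LM_HASH)
    by_nt = defaultdict(list)
    for r in records:
        if r["nt"] != EMPTY_NT_HASH:  # blank passwords are reported separately
            by_nt[r["nt"]].append(r["user"])
    shared = {nt: sorted(users) for nt, users in by_nt.items() if len(users) > 1}
    return {"blank_password": blank, "lm_hash_stored": lm_stored, "shared_password": shared}

# Constructed sample in the format hashdump prints (fake hashes, not from any real system).
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacyuser:1002:a1b2c3d4e5f60718a1b2c3d4e5f60718:fedcba9876543210fedcba9876543210:::
this line is not a hash record
"""

if __name__ == "__main__":
    for name, value in credential_findings(parse_hashdump(SAMPLE)).items():
        print(f"{name}: {value}")
```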