Metasploit Framework

Table of Contents

• Basic Operations
• Reconnaissance
• Framework Management
• Module Usage
• Session Management
• Database Operations
• Best Practices

Basic Operations

1. Framework Startup

   msfconsole           # Start the Metasploit Framework console
   msfdb init           # Initialize the database
   version              # Display framework version

2. Navigation

   help                 # Show help menu
   search <keyword>     # Search for modules
   use <module>         # Select a module
   info                 # Display module information

3. Module Settings

   show options         # Display module options
   set OPTION value    # Set an option
   unset OPTION        # Clear an option
   setg OPTION value   # Set global option
   save                # Save current config

Framework Management

workspace                   # List workspaces
workspace -a <name>        # Add workspace
workspace -d <name>        # Delete workspace
workspace <name>           # Switch workspace

db_status                  # Show database status
db_import <file>          # Import scan results
db_export -f <format>     # Export database
hosts                     # Show all hosts
services                  # Show all services

Module Usage

1. Module Types

   show exploits          # List exploit modules
   show payloads         # List payload modules
   show auxiliaries      # List auxiliary modules
   show encoders         # List encoder modules
   show nops             # List NOP modules

2. Module Operations

   use <module>          # Select module
   info                  # Show module information
   options              # Show module options
   run / exploit        # Execute module

Session Management

sessions -l             # List sessions
sessions -i <id>        # Interact with session
sessions -k <id>        # Terminate session
background             # Background current session

Database Operations

hosts                     # Show all hosts
hosts -a <address>       # Add host
hosts -d <address>       # Delete host
hosts -c <column>        # List specific column

services                 # Show all services
services -p <port>      # Filter by port
services -s <name>      # Filter by service

Best Practices

• Always obtain proper authorization before testing
• Document all testing activities
• Use isolated testing environments
• Regular framework and database updates
• Maintain detailed logs of all activities
• Follow security testing standards and compliance requirements

Professional Guidelines

1. Pre-Testing

   • Verify scope and authorization
   • Document testing boundaries
   • Set up isolated test environment
   • Review compliance requirements

2. During Testing

   • Maintain detailed logs
   • Monitor system impacts
   • Follow testing protocol
   • Document findings

3. Post-Testing

   • Clean up test artifacts
   • Document results
   • Provide recommendations
   • Secure sensitive data

Configuration Management

load <plugin>           # Load plugin
unload <plugin>         # Unload plugin
route                   # View route table
route add/remove        # Modify routing

Advanced Features

makerc <file>            # Save commands to resource file
resource <file>          # Run resource script

jobs                     # List jobs
jobs -k <id>            # Kill job
jobs -i <id>            # Info about job