Managing Metasploit

Pro Console Commands

This is a list of common Pro Console commands that you can use as a quick reference. If something is not listed here, type help in the console for a list of all options.

Launch Metasploit

The following commands launch and quit Metasploit.

Launch on Windows

 
1
$ msf > cd /metasploit
2
$ msf > console.bat

Launch on Linux

 
1
$ msf > cd /opt/metasploit
2
$ msf > sudo msfpro

Quit

 
1
$ msf > quit

See Available Commands

 
1
$ msf > help

You can prepend help to any command to see a list of options available.

 
1
msf > help handler
2

3
Usage: handler [options]
4
Spin up a Payload Handler as a background job.
5
OPTIONS:
6

7
    -H <opt>  The RHOST/LHOST to configure the handler for
8
    -P <opt>  The RPORT/LPORT to configure the handler for
9
    -e <opt>  An Encoder to use for Payload Stage Encoding
10
    -h        Help Banner
11
    -n <opt>  The custom name to give the handler job
12
    -p <opt>  The payload to configure the handler for
13
    -x        Shut the Handler down after a session is established
14

15

16
msf > help workspace
17

18
Usage:
19
    workspace                  List workspaces
20
    workspace -v               List workspaces verbosely
21
    workspace [name]           Switch workspace
22
    workspace -a [name] ...    Add workspace(s)
23
    workspace -d [name] ...    Delete workspace(s)
24
    workspace -D               Delete all workspaces
25
    workspace -r <old> <new>   Rename workspace
26
    workspace -h               Show this help information

Pro Help Page

These are all the options available from $ msf > help.

 
1
msf > help
2

3
Core Commands
4
=============
5

6
    Command       Description
7
    -------       -----------
8
    ?             Help menu
9
    banner        Display an awesome metasploit banner
10
    cd            Change the current working directory
11
    color         Toggle color
12
    connect       Communicate with a host
13
    exit          Exit the console
14
    get           Gets the value of a context-specific variable
15
    getg          Gets the value of a global variable
16
    grep          Grep the output of another command
17
    help          Help menu
18
    history       Show command history
19
    load          Load a framework plugin
20
    quit          Exit the console
21
    repeat        Repeat a list of commands
22
    route         Route traffic through a session
23
    save          Saves the active datastores
24
    sessions      Dump session listings and display information about sessions
25
    set           Sets a context-specific variable to a value
26
    setg          Sets a global variable to a value
27
    sleep         Do nothing for the specified number of seconds
28
    spool         Write console output into a file as well the screen
29
    threads       View and manipulate background threads
30
    unload        Unload a framework plugin
31
    unset         Unsets one or more context-specific variables
32
    unsetg        Unsets one or more global variables
33
    version       Show the framework and console library version numbers
34

35

36
Module Commands
37
===============
38

39
    Command       Description
40
    -------       -----------
41
    advanced      Displays advanced options for one or more modules
42
    back          Move back from the current context
43
    info          Displays information about one or more modules
44
    loadpath      Searches for and loads modules from a path
45
    options       Displays global options or for one or more modules
46
    popm          Pops the latest module off the stack and makes it active
47
    previous      Sets the previously loaded module as the current module
48
    pushm         Pushes the active or list of modules onto the module stack
49
    reload_all    Reloads all modules from all defined module paths
50
    search        Searches module names and descriptions
51
    show          Displays modules of a given type, or all modules
52
    use           Interact with a module by name or search term/index
53

54

55
Job Commands
56
============
57

58
    Command       Description
59
    -------       -----------
60
    handler       Start a payload handler as job
61
    jobs          Displays and manages jobs
62
    kill          Kill a job
63
    rename_job    Rename a job
64

65

66
Resource Script Commands
67
========================
68

69
    Command       Description
70
    -------       -----------
71
    makerc        Save commands entered since start to a file
72
    resource      Run the commands stored in a file
73

74

75
Developer Commands
76
==================
77

78
    Command       Description
79
    -------       -----------
80
    edit          Edit the current module or a file with the preferred editor
81
    irb           Open an interactive Ruby shell in the current context
82
    log           Display framework.log paged to the end if possible
83
    pry           Open the Pry debugger on the current module or Framework
84
    reload_lib    Reload Ruby library files from specified paths
85

86

87
Database Backend Commands
88
=========================
89

90
    Command           Description
91
    -------           -----------
92
    analyze           Analyze database information about a specific address or address range
93
    db_connect        Connect to an existing database
94
    db_disconnect     Disconnect from the current database instance
95
    db_export         Export a file containing the contents of the database
96
    db_import         Import a scan result file (filetype will be auto-detected)
97
    db_nmap           Executes nmap and records the output automatically
98
    db_rebuild_cache  Rebuilds the database-stored module cache
99
    db_status         Show the current database status
100
    hosts             List all hosts in the database
101
    loot              List all loot in the database
102
    notes             List all notes in the database
103
    services          List all services in the database
104
    vulns             List all vulnerabilities in the database
105
    workspace         Switch between database workspaces
106

107

108
Credentials Backend Commands
109
============================
110

111
    Command       Description
112
    -------       -----------
113
    creds         List all credentials in the database

Logs

The following commands allow you to control the logging from Metasploit Pro.

Logging Input and Output from the Console

Use the ConsoleLogging option to store information that the Pro Console inputs and outputs into a log.

 
1
msf-pro > setg ConsoleLogging y
2
Console logging is now enabled.

Changing the Log Verbosity

Use the LogLevel option to set the verbosity of the logs. Set the value between 1 and 5.

 
1
msf-pro > setg LogLevel 3
2
LogLevel => 3

Logging Input and Output for a Session

Use the SessionLogging option to store information that msfconsole inputs and outputs about a session into a log.

 
1
msf-pro > setg SessionLogging y
2
Session logging will be enabled for future sessions.

Users

The following commands relate to user management.

Change the Current User

Use the pro_user command and supply the user name as the argument to change the current user.

 
1
msf-pro > pro_user joe
2
{*} Changed pro_user to joe

View a List of Users

Use the pro_user command and the -l option to view a list of users.

 
1
msf-pro > pro_user -l
2
Username Full Name Email Admin?
3
======== ========= ===== ======
4
joe
5
john

Running Services

To stop, start or restart services, use the ctlscript.sh script.

 
1
msadmin@ubuntu:~$ sudo '/opt/metasploit/ctlscript.sh' 
2
usage: /opt/metasploit/ctlscript.sh help
3
       /opt/metasploit/ctlscript.sh (start|stop|restart|status)
4
       /opt/metasploit/ctlscript.sh (start|stop|restart|status) postgresql
5
       /opt/metasploit/ctlscript.sh (start|stop|restart|status) prosvc
6
       /opt/metasploit/ctlscript.sh (start|stop|restart|status) metasploit
7
       /opt/metasploit/ctlscript.sh (start|stop|restart|status) worker
8

9
help       - this screen
10
start      - start the service(s)
11
stop       - stop  the service(s)
12
restart    - restart or start the service(s)
13
status     - show the status of the service(s)### To start 

To start Metasploit:

/opt/metasploit/ctlscript.sh start

To start a specific service:

/opt/metasploit/ctlscript.sh start worker

Chain Commands

Use the argument -- -x to chain commands together. This works only when launching Metasploit Pro. The argument will not work in an existing Metasploit Pro session. Use ; to chain the commands together.

 
1
$ sudo /opt/metasploit/msfpro -- -x 'setg lhost 1.2.3.4'
2
$ sudo /opt/metasploit/msfpro -x 'use multi/handler; set lport 3333; set lhost eth0'

If you are missing the extra two dashes, -- -x, the command fails with the error invalid option: -x (OptionParser::InvalidOption).

Exploits

These commands are related to automated exploits and manual exploits.

Automated Exploits

Automated exploits choose the exploit based on host and vulnerability data.

Run an automated exploit Pass in the host IP address as the option.

 
1
msf-pro > pro_exploit 192.168.184.139

Define a Host Blacklist for an Automated Exploit Use the -b option to define a blacklist.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -b 192.168.184.138

Define a Port Blacklist for an Automated Exploit Use the pb option to specify a list of ports to exclude.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -pb 22-23

Perform a Dry Run of an Automated Exploit Use the -d option to perform a dry run of the automated exploit.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -d

Set the Application Evasion Level for an Automated Exploit Use the -ea option to set the evasion level for an automated exploit. You can assign an evasion level of 'none', 'low', 'medium', and 'high'.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -ea low

Set the TCP Evasion Level

Use the -et option to set the TCP evasion level. You can assign an evasion level of 'none', 'low', 'medium', and 'high'.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -ea low

Set the Payload Connection Type

Use the -m option to set the payload type for an automated exploit. The payload types are auto, bind, and reverse

 
1
msf-pro > pro_exploit 192.168.184.0/24 -m bind

Set the Minimum Rank

Use the -r option to set the payload type for an automated exploit. The minimum rank settings are 'low', 'average', 'normal', 'good', 'great', and 'excellent'.

 
1
msf-pro > pro_exploit 192.168.184.0/24 -r good

Manual Exploits

Manual exploits are exploits that you configure to run against a target.

Search Use the search command along with the search operator to search for a module

 
1
msf-pro > search platform:Windows
2
msf-pro > search type:exploit
3
msf-pro > search author:hd
4
msf-pro > search app:client
5
msf-pro > search name:ms08-067

Show All Exploit Modules

Use the show command to view a list of the exploits that are available. This command will take a long time since there are thousands of exploit modules available.

 
1
msf-pro > show exploits

Load a Module Use the use command to load an exploit module.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) >

Reset the command prompt Use the back command to reset the prompt and to remove the module that is currently loaded.

 
1
msf-pro exploit (ms04_045_wins) > back
2
msf-pro >

Show Module Options Use the show command to view a list of options that are available for a particular module.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show options

Show Required Options To find out what options are required, you can use the show missing command.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show missing

Show Advanced Options

Use the show command to view a list of advanced options that are available for an exploit module.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show advanced

Set Options Use the set command to configure options for a module. You need to specify the option name and the option value, as shown below:

 
1
msf-pro exploit (ms04_045_wins) > show options
2
 
3
Name Current Setting Required Description
4
---- ------- ------- -------- ------------
5
RHOST
6
RPORT 445
7
 
8
msf-pro exploit (ms04_045_wins) > set RHOST 192.168.55.1

Show Module Targets Use the show targets command to view a list of potentially vulnerable targets.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show targets
3
 
4
Exploit targets:
5
Id Name
6
-- -----
7
0 Windows 2000 English

Check Target Vulnerability Use the check command to determine if a target is vulnerable to a particular exploit.

 
1
msf-pro > use exploit/windows/smb/ms08_067_netapi
2
msf-pro exploit (ms08_067_netapi) > check 192.168.55.1
3
[+] 192.168.55.1:445 - the target is vulnerable.

Set the Exploit Target

Use the set target command to specify a target for the exploit.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show targets
3
 
4
Exploit targets:
5
Id Name
6
-- -----
7
0 Windows 2000 English
8
 
9
msf-pro exploit (ms04_045_wins) > set target 0

Run an Exploit Use the exploit or run command to run an exploit module.

 
1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > run

Reload an Exploit

Use the reload command to refresh the metadata and methods for an exploit.

 
1
msf-pro exploit (ms04_045_wins) > reload

Host

The following commands are related to hosts.

Discovery Scan

Use the pro_discover command to perform a discovery scan.

 
1
msf-pro > pro_discover 192.168.0.1

Run a Credentialed Scan

Use the following command if you have SMB credentials that you want to specify for Windows hosts.

• -sd option defines the SMB domain.
• -su option specifies the user name.
• -sp option specifies the password.

 
1
msf-pro > pro_discover 192.168.0.1 -sd workgroup -su root -sp root

View Hosts

Use the hosts command to view a list of hosts that the database contains.

 
1
msf-pro > hosts

Add a Host

Use the hosts command and the -a option to add a host to the current workspace.

 
1
msf-pro > hosts -a 192.168.0.3

Delete a Host

Use the hosts command and the -d option to delete a host from the current workspace:

 
1
msf-pro > hosts -d 192.168.0.3

Connect to a Host

Use the connect command to communicate with a host. You must supply the host address and port that you want to connect to.

 
1
msf-pro > connect 192.168.0.1 22

View Hosts That Are Up

Use the hosts command and the -u option to view a list of hosts that are up.

 
1
msf-pro > hosts -u

Projects

The following commands are related to managing projects in Metasploit Pro.

Create a Project

Use the pro_project command and the -a option to create a project. The project that you create becomes the current project.

 
1
msf-pro > pro_project -a HR

View the Current Project

Use the pro_project command to view the current project.

 
1
msf-pro > pro_project

Change Project

Use the pro_project command to change the current project

If you need to specify a project that contains spaces, you must enclose the project name in quotes. For example, use pro_project “IT Dept”.

 
1
msf-pro > pro_project HR

Delete a Project

Use the -d option to delete a project. This deletes the project, which includes the hosts, credentials, evidence, and any other data related to the project.

 
1
msf-pro > pro_project -d ACC