Managing Metasploit

Pro Console Commands

This is a list of common Pro Console commands that you can use as a quick reference. If something is not listed here, type help in the console for a list of all options.

Launch Metasploit

The following commands launch and quit Metasploit.

Launch on Windows

1
$ msf > cd /metasploit
2
$ msf > console.bat

Launch on Linux

1
$ msf > cd /opt/metasploit
2
$ msf > sudo msfpro

Quit

1
$ msf > quit

See Available Commands

1
$ msf > help

You can prepend help to any command to see a list of options available.

1
msf > help handler
2
3
Usage: handler [options]
4
Spin up a Payload Handler as a background job.
5
OPTIONS:
6
7
-H <opt> The RHOST/LHOST to configure the handler for
8
-P <opt> The RPORT/LPORT to configure the handler for
9
-e <opt> An Encoder to use for Payload Stage Encoding
10
-h Help Banner
11
-n <opt> The custom name to give the handler job
12
-p <opt> The payload to configure the handler for
13
-x Shut the Handler down after a session is established
14
15
16
msf > help workspace
17
18
Usage:
19
workspace List workspaces
20
workspace -v List workspaces verbosely
21
workspace [name] Switch workspace
22
workspace -a [name] ... Add workspace(s)
23
workspace -d [name] ... Delete workspace(s)
24
workspace -D Delete all workspaces
25
workspace -r <old> <new> Rename workspace
26
workspace -h Show this help information

Pro Help Page

These are all the options available from $ msf > help.

1
msf > help
2
3
Core Commands
4
=============
5
6
Command Description
7
------- -----------
8
? Help menu
9
banner Display an awesome metasploit banner
10
cd Change the current working directory
11
color Toggle color
12
connect Communicate with a host
13
exit Exit the console
14
get Gets the value of a context-specific variable
15
getg Gets the value of a global variable
16
grep Grep the output of another command
17
help Help menu
18
history Show command history
19
load Load a framework plugin
20
quit Exit the console
21
repeat Repeat a list of commands
22
route Route traffic through a session
23
save Saves the active datastores
24
sessions Dump session listings and display information about sessions
25
set Sets a context-specific variable to a value
26
setg Sets a global variable to a value
27
sleep Do nothing for the specified number of seconds
28
spool Write console output into a file as well the screen
29
threads View and manipulate background threads
30
unload Unload a framework plugin
31
unset Unsets one or more context-specific variables
32
unsetg Unsets one or more global variables
33
version Show the framework and console library version numbers
34
35
36
Module Commands
37
===============
38
39
Command Description
40
------- -----------
41
advanced Displays advanced options for one or more modules
42
back Move back from the current context
43
info Displays information about one or more modules
44
loadpath Searches for and loads modules from a path
45
options Displays global options or for one or more modules
46
popm Pops the latest module off the stack and makes it active
47
previous Sets the previously loaded module as the current module
48
pushm Pushes the active or list of modules onto the module stack
49
reload_all Reloads all modules from all defined module paths
50
search Searches module names and descriptions
51
show Displays modules of a given type, or all modules
52
use Interact with a module by name or search term/index
53
54
55
Job Commands
56
============
57
58
Command Description
59
------- -----------
60
handler Start a payload handler as job
61
jobs Displays and manages jobs
62
kill Kill a job
63
rename_job Rename a job
64
65
66
Resource Script Commands
67
========================
68
69
Command Description
70
------- -----------
71
makerc Save commands entered since start to a file
72
resource Run the commands stored in a file
73
74
75
Developer Commands
76
==================
77
78
Command Description
79
------- -----------
80
edit Edit the current module or a file with the preferred editor
81
irb Open an interactive Ruby shell in the current context
82
log Display framework.log paged to the end if possible
83
pry Open the Pry debugger on the current module or Framework
84
reload_lib Reload Ruby library files from specified paths
85
86
87
Database Backend Commands
88
=========================
89
90
Command Description
91
------- -----------
92
analyze Analyze database information about a specific address or address range
93
db_connect Connect to an existing database
94
db_disconnect Disconnect from the current database instance
95
db_export Export a file containing the contents of the database
96
db_import Import a scan result file (filetype will be auto-detected)
97
db_nmap Executes nmap and records the output automatically
98
db_rebuild_cache Rebuilds the database-stored module cache
99
db_status Show the current database status
100
hosts List all hosts in the database
101
loot List all loot in the database
102
notes List all notes in the database
103
services List all services in the database
104
vulns List all vulnerabilities in the database
105
workspace Switch between database workspaces
106
107
108
Credentials Backend Commands
109
============================
110
111
Command Description
112
------- -----------
113
creds List all credentials in the database

Logs

The following commands allow you to control the logging from Metasploit Pro.

Logging Input and Output from the Console

Use the ConsoleLogging option to store information that the Pro Console inputs and outputs into a log.

1
msf-pro > setg ConsoleLogging y
2
Console logging is now enabled.

Changing the Log Verbosity

Use the LogLevel option to set the verbosity of the logs. Set the value between 1 and 5.

1
msf-pro > setg LogLevel 3
2
LogLevel => 3

Logging Input and Output for a Session

Use the SessionLogging option to store information that msfconsole inputs and outputs about a session into a log.

1
msf-pro > setg SessionLogging y
2
Session logging will be enabled for future sessions.

Users

The following commands relate to user management.

Change the Current User

Use the pro_user command and supply the user name as the argument to change the current user.

1
msf-pro > pro_user joe
2
{*} Changed pro_user to joe

View a List of Users

Use the pro_user command and the -l option to view a list of users.

1
msf-pro > pro_user -l
2
Username Full Name Email Admin?
3
======== ========= ===== ======
4
joe
5
john

Running Services

To stop, start or restart services, use the ctlscript.sh script.

1
msadmin@ubuntu:~$ sudo '/opt/metasploit/ctlscript.sh'
2
usage: /opt/metasploit/ctlscript.sh help
3
/opt/metasploit/ctlscript.sh (start|stop|restart|status)
4
/opt/metasploit/ctlscript.sh (start|stop|restart|status) postgresql
5
/opt/metasploit/ctlscript.sh (start|stop|restart|status) prosvc
6
/opt/metasploit/ctlscript.sh (start|stop|restart|status) metasploit
7
/opt/metasploit/ctlscript.sh (start|stop|restart|status) worker
8
9
help - this screen
10
start - start the service(s)
11
stop - stop the service(s)
12
restart - restart or start the service(s)
13
status - show the status of the service(s)### To start

To start Metasploit:

/opt/metasploit/ctlscript.sh start

To start a specific service:

/opt/metasploit/ctlscript.sh start worker

Chain Commands

Use the argument -- -x to chain commands together. This works only when launching Metasploit Pro. The argument will not work in an existing Metasploit Pro session. Use ; to chain the commands together.

1
$ sudo /opt/metasploit/msfpro -- -x 'setg lhost 1.2.3.4'
2
$ sudo /opt/metasploit/msfpro -x 'use multi/handler; set lport 3333; set lhost eth0'

If you are missing the extra two dashes, -- -x, the command fails with the error invalid option: -x (OptionParser::InvalidOption).

Exploits

These commands are related to automated exploits and manual exploits.

Automated Exploits

Automated exploits choose the exploit based on host and vulnerability data.

Run an automated exploit Pass in the host IP address as the option.

1
msf-pro > pro_exploit 192.168.184.139

Define a Host Blacklist for an Automated Exploit Use the -b option to define a blacklist.

1
msf-pro > pro_exploit 192.168.184.0/24 -b 192.168.184.138

Define a Port Blacklist for an Automated Exploit Use the pb option to specify a list of ports to exclude.

1
msf-pro > pro_exploit 192.168.184.0/24 -pb 22-23

Perform a Dry Run of an Automated Exploit Use the -d option to perform a dry run of the automated exploit.

1
msf-pro > pro_exploit 192.168.184.0/24 -d

Set the Application Evasion Level for an Automated Exploit Use the -ea option to set the evasion level for an automated exploit. You can assign an evasion level of 'none', 'low', 'medium', and 'high'.

1
msf-pro > pro_exploit 192.168.184.0/24 -ea low

Set the TCP Evasion Level

Use the -et option to set the TCP evasion level. You can assign an evasion level of 'none', 'low', 'medium', and 'high'.

1
msf-pro > pro_exploit 192.168.184.0/24 -ea low

Set the Payload Connection Type

Use the -m option to set the payload type for an automated exploit. The payload types are auto, bind, and reverse

1
msf-pro > pro_exploit 192.168.184.0/24 -m bind

Set the Minimum Rank

Use the -r option to set the payload type for an automated exploit. The minimum rank settings are 'low', 'average', 'normal', 'good', 'great', and 'excellent'.

1
msf-pro > pro_exploit 192.168.184.0/24 -r good

Manual Exploits

Manual exploits are exploits that you configure to run against a target.

Search Use the search command along with the search operator to search for a module

1
msf-pro > search platform:Windows
2
msf-pro > search type:exploit
3
msf-pro > search author:hd
4
msf-pro > search app:client
5
msf-pro > search name:ms08-067

Show All Exploit Modules

Use the show command to view a list of the exploits that are available. This command will take a long time since there are thousands of exploit modules available.

1
msf-pro > show exploits

Load a Module Use the use command to load an exploit module.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) >

Reset the command prompt Use the back command to reset the prompt and to remove the module that is currently loaded.

1
msf-pro exploit (ms04_045_wins) > back
2
msf-pro >

Show Module Options Use the show command to view a list of options that are available for a particular module.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show options

Show Required Options To find out what options are required, you can use the show missing command.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show missing

Show Advanced Options

Use the show command to view a list of advanced options that are available for an exploit module.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show advanced

Set Options Use the set command to configure options for a module. You need to specify the option name and the option value, as shown below:

1
msf-pro exploit (ms04_045_wins) > show options
2
3
Name Current Setting Required Description
4
---- ------- ------- -------- ------------
5
RHOST
6
RPORT 445
7
8
msf-pro exploit (ms04_045_wins) > set RHOST 192.168.55.1

Show Module Targets Use the show targets command to view a list of potentially vulnerable targets.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show targets
3
4
Exploit targets:
5
Id Name
6
-- -----
7
0 Windows 2000 English

Check Target Vulnerability Use the check command to determine if a target is vulnerable to a particular exploit.

1
msf-pro > use exploit/windows/smb/ms08_067_netapi
2
msf-pro exploit (ms08_067_netapi) > check 192.168.55.1
3
[+] 192.168.55.1:445 - the target is vulnerable.

Set the Exploit Target

Use the set target command to specify a target for the exploit.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > show targets
3
4
Exploit targets:
5
Id Name
6
-- -----
7
0 Windows 2000 English
8
9
msf-pro exploit (ms04_045_wins) > set target 0

Run an Exploit Use the exploit or run command to run an exploit module.

1
msf-pro > use exploit/windows/wins/ms04_045_wins
2
msf-pro exploit (ms04_045_wins) > run

Reload an Exploit

Use the reload command to refresh the metadata and methods for an exploit.

1
msf-pro exploit (ms04_045_wins) > reload

Host

The following commands are related to hosts.

Discovery Scan

Use the pro_discover command to perform a discovery scan.

1
msf-pro > pro_discover 192.168.0.1

Run a Credentialed Scan

Use the following command if you have SMB credentials that you want to specify for Windows hosts.

  • -sd option defines the SMB domain.
  • -su option specifies the user name.
  • -sp option specifies the password.
1
msf-pro > pro_discover 192.168.0.1 -sd workgroup -su root -sp root

View Hosts

Use the hosts command to view a list of hosts that the database contains.

1
msf-pro > hosts

Add a Host

Use the hosts command and the -a option to add a host to the current workspace.

1
msf-pro > hosts -a 192.168.0.3

Delete a Host

Use the hosts command and the -d option to delete a host from the current workspace:

1
msf-pro > hosts -d 192.168.0.3

Connect to a Host

Use the connect command to communicate with a host. You must supply the host address and port that you want to connect to.

1
msf-pro > connect 192.168.0.1 22

View Hosts That Are Up

Use the hosts command and the -u option to view a list of hosts that are up.

1
msf-pro > hosts -u

Projects

The following commands are related to managing projects in Metasploit Pro.

Create a Project

Use the pro_project command and the -a option to create a project. The project that you create becomes the current project.

1
msf-pro > pro_project -a HR

View the Current Project

Use the pro_project command to view the current project.

1
msf-pro > pro_project

Change Project

Use the pro_project command to change the current project

If you need to specify a project that contains spaces, you must enclose the project name in quotes. For example, use pro_project “IT Dept”.

1
msf-pro > pro_project HR

Delete a Project

Use the -d option to delete a project. This deletes the project, which includes the hosts, credentials, evidence, and any other data related to the project.

1
msf-pro > pro_project -d ACC