MSFconsole Commands
Command Description
show exploits Show all exploits within the Framework.
show payloads Show all payloads within the Framework.
show auxiliary Show all auxiliary modules within the Framework.
search <name> Search for exploits or modules within the Framework.
info Load information about a specific exploit or module.
use <name> Load an exploit or module (example: use windows/smb/psexec).
use <number> Load an exploit by using the index number displayed after the search command.
LHOST Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.
RHOST The remote host or the target. set function Set a specific value (for example, LHOST or RHOST).
setg <function> Set a specific value globally (for example, LHOST or RHOST).
show options Show the options available for a module or exploit.
show targets Show the platforms supported by the exploit.
set target <number> Specify a specific target index if you know the OS and service pack.
set payload <payload> Specify the payload to use.
set payload <number> Specify the payload index number to use after the show payloads command.
show advanced Show advanced options.
set autorunscript migrate -f Automatically migrate to a separate process upon exploit completion.
check Determine whether a target is vulnerable to an attack.
exploit Execute the module or exploit and attack the target.
exploit -j Run the exploit under the context of the job. (This will run the exploit in the background.)
exploit -z Do not interact with the session after successful exploitation.
exploit -e <encoder> Specify the payload encoder to use (example: exploit –e shikata_ga_nai).
exploit -h Display help for the exploit command.
sessions -l List available sessions (used when handling multiple shells).
sessions -l -v List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.
sessions -s <script> Run a specific Meterpreter script on all Meterpreter live sessions.
sessions -K Kill all live sessions.
sessions -c <cmd> Execute a command on all live Meterpreter sessions.
sessions -u <sessionID> Upgrade a normal Win32 shell to a Meterpreter console.
db_create <name> Create a database to use with database-driven attacks (example: db_create autopwn).
db_connect <name> Create and connect to a database for driven attacks (example: db_connect autopwn).
db_nmap Use Nmap and place results in a database. (Normal Nmap syntax is supported, such as –sT –v –P0.)
db_destroy Delete the current database.
db_destroy <user:password@host:port/database> Delete database using advanced options.