Metasploit Framework: open-source tool for automated vulnerability testing and exploit modules library for efficient penetration testing.

Metasploit Framework is a popular security tool designed to help security professionals test the security of their systems and identify vulnerabilities. The tool is an open-source project that is constantly updated and maintained by a large community of developers, making it a reliable and trustworthy tool for penetration testing and vulnerability assessment.

Metasploit Framework offers a wide range of features and capabilities that make it an indispensable tool for any security professional. One of the most notable features of Metasploit Framework is its ability to automate the process of finding and exploiting vulnerabilities. This saves time and effort for security professionals and makes it easier to identify potential security risks.

The tool also comes with a large library of exploit modules, payloads, and auxiliary modules that can be used to test different aspects of a system's security. These modules cover a wide range of vulnerabilities, including those in popular operating systems, web applications, and network protocols. Metasploit Framework also includes powerful post-exploitation modules that can be used to maintain access to a system after it has been compromised.

Another key feature of Metasploit Framework is its ability to generate detailed reports on the security posture of a system. This includes information on vulnerabilities, potential attack paths, and recommended remediation steps. These reports are essential for security professionals who need to provide clear and concise recommendations to their clients or management.

Metasploit Framework is also designed to be extensible, allowing developers to create their own modules and plugins to extend the functionality of the tool. This makes it a versatile tool that can be customized to meet the specific needs of different organizations and security teams.

Overall, Metasploit Framework is an essential tool for any security professional who needs to assess the security of their systems and identify potential vulnerabilities. With its extensive library of exploit modules, powerful automation features, and customizable architecture, Metasploit Framework is a must-have tool for any security toolkit.


:~# msfrpcd -h

Usage: msfrpcd <options>


    -P <opt>  Specify the password to access msfrpcd
    -S        Disable SSL on the RPC socket
    -U <opt>  Specify the username to access msfrpcd
    -a <opt>  Bind to this IP address
    -f        Run the daemon in the foreground
    -h        Help banner
    -n        Disable database
    -p <opt>  Bind to this port instead of 55553
    -t <opt>  Token Timeout (default 300 seconds
    -u <opt>  URI for Web server

One of the best sources of information on using the Metasploit Framework is Metasploit Unleashed, a free online course created by Offensive Security. Metasploit Unleashed guides you from the absolute basics of Metasploit all the way through to advanced topics.

Packages and Binaries:


The Metasploit Framework is an open source platform that supports vulnerability research, exploit development, and the creation of custom security tools.

Installed size: 470.91 MB How to install: sudo apt install metasploit-framework

  • bundler

  • curl

  • gcc-mingw-w64-i686-win32

  • gcc-mingw-w64-x86-64-win32

  • git

  • john

  • libc6

  • libffi8

  • libgcc-s1

  • libpcap0.8

  • libpq5

  • libruby3.1

  • libsqlite3-0

  • libssl3

  • libstdc++6

  • nasm

  • nmap

  • openssl

  • oracle-instantclient-basic

  • postgresql

  • python3

  • rake

  • ruby

  • ruby-json

  • wget


:~# msf-egghunter -h
Usage: msf-egghunter [options]
Example: msf-egghunter -f python -e W00T

Specific options:
    -f, --format <String>            See --list-formats for a list of supported output formats
    -b, --badchars <String>          (Optional) Bad characters to avoid for the egg
    -e, --egg <String>               The egg (Please give 4 bytes)
    -p, --platform <String>          (Optional) Platform
        --startreg <String>          (Optional) The starting register
        --forward                    (Optional) To search forward
        --depreg <String>            (Optional) The DEP register
        --depdest <String>           (Optional) The DEP destination
        --depsize <Integer>          (Optional) The DEP size
        --depmethod <String>         (Optional) The DEP method to use (virtualprotect/virtualalloc/copy/copy_size)
    -a, --arch <String>              (Optional) Architecture
        --list-formats               List all supported output formats
    -v, --var-name <name>            (Optional) Specify a custom variable name to use for certain output formats
    -h, --help                       Show this message


:~# msf-exe2vba -h
    Usage: msf-exe2vba [exe] [vba]


:~# msf-exe2vbs -h
    Usage: msf-exe2vbs [exe] [vbs]


:~# msf-find_badchars -h

    Usage: msf-find_badchars <options>


    -b   The list of characters to avoid: '\x00\xff'
    -h   Help banner
    -i   Read memory contents from the supplied file path
    -t   The format that the memory contents are in (empty to list)


:~# msf-halflm_second -h

    Usage: msf-halflm_second <options>


    -h   Display this help information
    -n   The encypted LM hash to crack
    -p   The decrypted LANMAN password for bytes 1-7
    -s   The server challenge (default value 1122334455667788)


:~# msf-hmac_sha1_crack -h

Usage: msf-hmac_sha1_crack hashes.txt <wordlist | - >
The format of hash file is <identifier>:<hex-salt>:<hash>


:~# msf-java_deserializer -h
Usage: msf-java_deserializer <file> [option]
    -a, --array=ID                   Print detailed information about content array
    -o, --object=ID                  Print detailed information about content object
    -h, --help                       Prints this help


:~# msf-jsobfu -h
Usage: msf-jsobfu [options]

Specific options:
    -t, --iteration <Integer>        Number of times to obfuscate the JavaScript
    -i, --input <String>             The JavaScript file you want to obfuscate (default=1)
    -o, --output <String>            Save the obfuscated file as
    -p id1,id2,                      The identifiers to preserve
    -h, --help                       Show this message



:~# msf-md5_lookup -h
Usage: msf-md5_lookup [options]

Specific options:
    -i, --input <file>               The file that contains all the MD5 hashes (one line per hash)
    -d, --databases <names>          (Optional) Select databases: all, authsecu, i337, md5_my_addr, md5_net, md5crack, md5cracker, md5decryption, md5online, md5pass, netmd5crack, tmto (Default=all)
    -o, --out <filepath>             (Optional) Save the results to a file (Default=md5_results.txt)
    -h, --help                       Show this message


:~# msf-metasm_shell -h

Usage: msf-metasm_shell <options>


    -a   The architecture to encode as (ARM, Ia32, MIPS, X86_64)
    -e   The endianess to encode as (big, little)
    -h   Display this help information



:~# msf-nasm_shell -h
0 bits not supported


:~# msf-pattern_create -h
Usage: msf-pattern_create [options]
Example: msf-pattern_create -l 50 -s ABC,def,123

    -l, --length <length>            The length of the pattern
    -s, --sets <ABC,def,123>         Custom Pattern Sets
    -h, --help                       Show this message


:~# msf-pattern_offset -h
Usage: msf-pattern_offset [options]
Example: msf-pattern_offset -q Aa3A
[*] Exact match at offset 9

    -q, --query Aa0A                 Query to Locate
    -l, --length <length>            The length of the pattern
    -s, --sets <ABC,def,123>         Custom Pattern Sets
    -h, --help                       Show this message


:~# msf-pdf2xdp -h
    Usage: msf-pdf2xdp input.pdf output.xdp


:~# msf-virustotal -h
Usage: msf-virustotal [options]

Specific options:
    -k <key>                         (Optional) Virusl API key to use
    -d <seconds>                     (Optional) Number of seconds to wait for the report
    -q                               (Optional) Do a hash search without uploading the sample
    -f <filenames>                   Files to scan

Common options:
    -h, --help                       Show this message


Metasploit Framework Console

:~# msfconsole -h
Usage: msfconsole [options]

Common options:
    -E, --environment ENVIRONMENT    Set Rails environment, defaults to RAIL_ENV environment variable or 'production'

Database options:
    -M, --migration-path DIRECTORY   Specify a directory containing additional DB migrations
    -n, --no-database                Disable database support
    -y, --yaml PATH                  Specify a YAML file containing database settings

Framework options:
    -c FILE                          Load the specified configuration file
    -v, -V, --version                Show version

Module options:
        --defer-module-loads         Defer module loading unless explicitly asked
    -m, --module-path DIRECTORY      Load an additional module path

Console options:
    -a, --ask                        Ask before exiting Metasploit or accept 'exit -y'
    -H, --history-file FILE          Save command history to the specified file
    -l, --logger STRING              Specify a logger to use (StdoutWithoutTimestamps, Stdout, Stderr, Flatfile, TimestampColorlessFlatfile)
    -L, --real-readline              Use the system Readline library instead of RbReadline
    -o, --output FILE                Output to the specified file
    -p, --plugin PLUGIN              Load a plugin on startup
    -q, --quiet                      Do not print the banner on startup
    -r, --resource FILE              Execute the specified resource file (- for stdin)
    -x, --execute-command COMMAND    Execute the specified console commands (use ; for multiples)
    -h, --help                       Show this message


:~# msfd -h

Usage: msfd <options>


    -a   Bind to this IP address instead of loopback
    -A   Specify list of hosts allowed to connect
    -D   Specify list of hosts not allowed to connect
    -f   Run the daemon in the foreground
    -h   Help banner
    -p   Bind to this port instead of 55554
    -q   Do not print the banner on startup
    -s   Use SSL


:~# msfdb -h

Manage the metasploit framework database

You can use an specific port number for the
PostgreSQL connection setting the PGPORT variable
in the current shell.

Example: PGPORT=5433 msfdb init

  msfdb init     # start and initialize the database
  msfdb reinit   # delete and reinitialize the database
  msfdb delete   # delete database and stop using it
  msfdb start    # start the database
  msfdb stop     # stop the database
  msfdb status   # check service status
  msfdb run      # start the database and run msfconsole


:~# msfrpc -h

Usage: msfrpc <options>


    -a   Connect to this IP address
    -h   Help banner
    -p   Connect to the specified port instead of 55553
    -P   Specify the password to access msfrpcd
    -S   Disable SSL on the RPC socket
    -U   Specify the username to access msfrpcd


:~# msfrpcd -h

Usage: msfrpcd <options>


    -a   Bind to this IP address (default:
    -c   (JSON-RPC) Path to certificate (default: /root/.msf4/msf-ws-cert.pem)
    -f   Run the daemon in the foreground
    -h   Help banner
    -j   (JSON-RPC) Start JSON-RPC server
    -k   (JSON-RPC) Path to private key (default: /root/.msf4/msf-ws-key.pem)
    -n   Disable database
    -p   Bind to this port (default: 55553)
    -P   Specify the password to access msfrpcd
    -S   Disable SSL on the RPC socket
    -t   Token Timeout seconds (default: 300)
    -U   Specify the username to access msfrpcd
    -u   URI for Web server
    -v   (JSON-RPC) SSL enable verify (optional) client cert requests


:~# msfupdate -h
msfupdate is no longer supported when Metasploit is part of the operating
system. Please use 'apt update; apt install metasploit-framework'


Payload Generator and Encoder

:~# msfvenom -h
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

Updated on: 2023-Mar-08

Last updated