# Metasploit

## Upgrade

```
apt update; apt install metasploit-framework
```

## Msfconsole

```
msfconsole -q
```

### Exploit selection

#### Search

```
search platform:<windows/linux/macos> type:exploit name:<keyword>
```

Keywords:

```
  app       :  <client/server>
  author    :  <author>
  bid       :  <Bugtraq ID>
  cve       :  <CVE code>
  edb       :  <exploit-db code>
  name      :  <keyword>
  platform  :  <windows/linux/macos/...>
  ref       :  Modules with a matching ref
  type      :  <exploit/auxiliary/post>
```

#### Show

```
show            #show all modules
show auxiliary  #auxiliary modules (recon)
show exploits   #exploit modules
show payloads   #payloads to be deployed by the exploit
show post       #post-exploitation modules
```

### Exploit configuration

#### Show details

```
info <exploit full path or number>
use <exploit>
show options    #show options of exploit in use
show payloads   #show a list of compatible payloads
show targets    #show a list of compatible OS versions and configurations
show advanced   #show exploit's advanced options
show evasion    #show evasion settings
show all        #show options and description of exploit in use
```

#### Set options

```
set <option> <value>     #set an option for current payload/exploit
setg <option> <value>    #set a global option valid for all payloads/exploits
unset <option>
unsetg <option>
unset all
unsetg all
```

A payload is generally selected by running **set payload \<payload>**; to see the list of compatible payloads, run **show payloads**. Some exploits require a target to be specified: run **set target \<target>**, choosing from the list provided by **show targets**. By default the exploit may try to pick the most suitable target by guessing from other user-set options or during the exploitation phase.

### Execution and sessions

#### Payload execution

```
exploit    #run selected exploit
exploit -j #run exploit in background
run        #execute the selected auxiliary module
check      #if available, check whether the target is vulnerable to the current exploit
```

#### Sessions

```
jobs                #list all running jobs
jobs -K             #kill all jobs
jobs -k <id>        #kill the job with the given ID
sessions -l         #list open sessions with remote hosts
sessions -i <id>    #switch to selected remote shell
```

### Handlers

The handler listens on the specified port for a connection from a remote host. It is useful when running exploits not generated by msf or when waiting for a backdoor to come online.

```
use exploit/multi/handler
set PAYLOAD <payload>
set LHOST <local ip>
set LPORT <port>
exploit -j
```


