Metasploit Cheat Sheet - Pentestmag

Metasploit Cheat Sheet


Metasploit Cheat Sheet

by Tim Keary

Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify and verify vulnerabilities, improve security awareness and manage gnarly security situations. We've scoured through the docs and have put together the essential list of commands in a easy to reference Metasploit cheat sheet.

What’s included in the cheat sheet

The following categories and items have been included in the cheat sheet:

Framework Components

Framework Components
Metasploit Meterpreter Run as a DLL injection payload on a target PC providing control over the target system
Metasploit msfvenom Help create standalone payloads as executable, Ruby script, or shellcode

Meterpreter commands

Meterpreter commands
Basic and file handling commands
sysinfo Display system information
ps List and display running processes
kill (PID) Terminate a running process
getuid Display user ID
upload or download Upload / download a file
pwd or lpwd Print working directory (local / remote)
cd or lcd Change directory (local or remote)
cat Display file content
bglist Show background running scripts
bgrun Make a script run in background
Bgkill Terminate a background process
background Move active session to background
edit  Edit a file in vi editor
shell Access shell on the target machine
migrate  Switch to another process
idletime Display idle time of user
screenshot Take a screenshot
clearev Clear the system logs
? or Help  Shoes all the commands
exit / quit:  Exit the Meterpreter session
shutdown / reboot Restart system
use Extension load
channel Show active channels

Process handling commands

Process handling commands
Command Description
getpid: Display the process ID
getuid: Display the user ID
ps:  Display running processes
kill:  Stop and terminate a process
getprivs Shows multiple privileges as possible
reg  Access target machine registry
Shell Access target machine shell
execute:  Run a specified
migrate:  Move to a given destination process ID

Networking commands

Networking commands
ipconfig: Show network interface configuration
portfwd: Forward packets
route: View / edit network routing table

Interface / output commands

Interface / output commands
enumdesktops Show all available desktops
getdesktop Display current desktop
keyscan_start Start keylogger in target machine
keyscan_stop Stop keylogger in target machine
set_desktop Configure desktop
keyscan_dump Dump keylogger content

Password management commands

Password management commands
hashdump Access content of password file - Hash file

Msfvenom command options

Msfvenom command options
Switch Syntax Description
-p -p (Payload option) Display payload standard options
-l -l( list type) List module type i.e payloads, encoders
-f -f (format) Output format
-e -e(encoder) Define which encoder to use
-a -a (Architecture or platform Define which platform to use
-s -s (Space) Define maximum payload capacity
-b -b (characters) Define set of characters not to use
-i -i (Number of times) Define number of times to use encoder
-x -x (File name ) Define a custom file to use as template
-o -o (output) Save a payload
-h -h Help

You can download the Metasploit Cheat Sheet PDF.


September 9, 2019
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023