Metasploit Cheat Sheet

Metasploit Cheat Sheet

by Tim Keary

Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify and verify vulnerabilities, improve security awareness and manage gnarly security situations. We've scoured through the docs and have put together the essential list of commands in a easy to reference Metasploit cheat sheet.

What’s included in the cheat sheet

The following categories and items have been included in the cheat sheet:

Framework Components

Framework Components
Metasploit MeterpreterRun as a DLL injection payload on a target PC providing control over the target system
Metasploit msfvenomHelp create standalone payloads as executable, Ruby script, or shellcode

Meterpreter commands

Meterpreter commands
Basic and file handling commands
sysinfoDisplay system information
psList and display running processes
kill (PID)Terminate a running process
getuidDisplay user ID
upload or downloadUpload / download a file
pwd or lpwdPrint working directory (local / remote)
cd or lcdChange directory (local or remote)
catDisplay file content
bglistShow background running scripts
bgrunMake a script run in background
BgkillTerminate a background process
backgroundMove active session to background
edit Edit a file in vi editor
shellAccess shell on the target machine
migrate Switch to another process
idletimeDisplay idle time of user
screenshotTake a screenshot
clearevClear the system logs
? or Help Shoes all the commands
exit / quit: Exit the Meterpreter session
shutdown / rebootRestart system
useExtension load
channelShow active channels

Process handling commands

Process handling commands
getpid:Display the process ID
getuid:Display the user ID
ps: Display running processes
kill: Stop and terminate a process
getprivsShows multiple privileges as possible
reg Access target machine registry
ShellAccess target machine shell
execute: Run a specified
migrate: Move to a given destination process ID

Networking commands

Networking commands
ipconfig:Show network interface configuration
portfwd:Forward packets
route:View / edit network routing table

Interface / output commands

Interface / output commands
enumdesktopsShow all available desktops
getdesktopDisplay current desktop
keyscan_startStart keylogger in target machine
keyscan_stopStop keylogger in target machine
set_desktopConfigure desktop
keyscan_dumpDump keylogger content

Password management commands

Password management commands
hashdumpAccess content of password file - Hash file

Msfvenom command options

Msfvenom command options
-p-p (Payload option)Display payload standard options
-l-l( list type)List module type i.e payloads, encoders
-f-f (format)Output format
-e-e(encoder)Define which encoder to use
-a-a (Architecture or platformDefine which platform to use
-s-s (Space)Define maximum payload capacity
-b-b (characters)Define set of characters not to use
-i-i (Number of times)Define number of times to use encoder
-x-x (File name )Define a custom file to use as template
-o-o (output)Save a payload

You can download the Metasploit Cheat Sheet PDF.


September 9, 2019
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013

Privacy Preference Center


Cookies that are necessary for the site to function properly. This includes, storing the user's cookie consent state for the current domain, managing users carts to using the content network, Cloudflare, to identify trusted web traffic. See fullCookies declaration

gdpr, PYPF, woocommerce_cart_hash, woocommerce_items_in_cart, _wp_wocommerce_session, __cfduid [x2],


These are used to track user interaction and detect potential problems. These help us improve our services by providing analytical data on how users use this site.

_global_lucky_opt_out, _lo_np_, _lo_cid, _lo_uid, _lo_rid, _lo_v, __lotr
_ga, _gid, _gat, __utma, __utmt, __utmb, __utmc, __utmz


tr, fr