
🔌 Plugins & Mixins

Metasploit's modular architecture allows it to be extended in two key ways: Plugins add high-level features to MSFconsole, while Mixins are Ruby modules that provide reusable functionality to exploit and auxiliary modules.


1️⃣ Plugins

Plugins extend MSFconsole with new commands and capabilities. They load into the running MSFconsole session and add new commands to the prompt.

Loading a Plugin

# Load a plugin
msf6 > load <plugin_name>

# Example: Load the Nessus plugin
msf6 > load nessus

# Example: Load the aggregator plugin
msf6 > load aggregator

Listing Available Plugins

Plugins are stored in /usr/share/metasploit-framework/plugins/. You can list them:

ls /usr/share/metasploit-framework/plugins/

Unloading a Plugin

msf6 > unload <plugin_name>

2️⃣ Useful Built-in Plugins

| Plugin | Description | Key Commands |
|---|---|---|
| nessus | Integrates Nessus vulnerability scanner with Metasploit. | nessus_connect, nessus_scan_new, nessus_report_hosts |
| openvas | Integrates OpenVAS scanner. | openvas_connect, openvas_scan |
| pcap_log | Logs all network traffic generated by Metasploit to a PCAP file. | pcap_filter, pcap_start, pcap_stop |
| alias | Create command aliases for frequently used commands. | alias set ll sessions -l |
| token_adduser | Token manipulation for Windows privilege escalation. | token_adduser |
| wmap | Web application vulnerability scanner built into Metasploit. | wmap_sites, wmap_targets, wmap_run |

Example: Using the WMAP Plugin

msf6 > load wmap

# Add a target site
msf6 > wmap_sites -a http://10.10.10.5

# Set the target
msf6 > wmap_targets -t http://10.10.10.5

# Run the scan
msf6 > wmap_run -e

# View results
msf6 > wmap_vulns -l

Example: Using the Alias Plugin

msf6 > load alias

# Create shortcuts for common commands
msf6 > alias set ll "sessions -l"
msf6 > alias set dc "db_connect"
msf6 > alias set hosts "hosts -c address,os_name,os_flavor"

# Now just type the alias
msf6 > ll

3️⃣ Mixins

Mixins are Ruby modules that provide reusable code to Metasploit modules. They are the building blocks that give exploit and auxiliary modules their functionality — things like making HTTP requests, sending TCP packets, parsing responses, and handling authentication.

How Mixins Work

In Ruby, a mixin is a module that gets "mixed into" a class using include. Metasploit modules include various mixins to gain specific capabilities:

class MetasploitModule < Msf::Exploit::Remote
  # These are mixins:
  include Msf::Exploit::Remote::HttpClient     # HTTP request methods
  include Msf::Exploit::Remote::Tcp            # Raw TCP socket methods
  include Msf::Auxiliary::Report               # Database reporting methods
  include Msf::Exploit::FileDropper            # Clean up dropped files
end

Common Mixins

| Mixin | Purpose |
|---|---|
| Msf::Exploit::Remote::HttpClient | Send HTTP/HTTPS requests (send_request_cgi, send_request_raw). |
| Msf::Exploit::Remote::Tcp | Raw TCP socket operations. |
| Msf::Exploit::Remote::Udp | Raw UDP socket operations. |
| Msf::Exploit::Remote::SMB::Client | SMB protocol interaction. |
| Msf::Exploit::Remote::FTP | FTP protocol interaction. |
| Msf::Auxiliary::Scanner | Provides multi-threaded scanning (RHOSTS, THREADS). |
| Msf::Auxiliary::Report | Methods to store results in the database (report_host, report_service, report_vuln). |
| Msf::Exploit::FileDropper | Track files dropped on target and clean up post-exploitation. |
| Msf::Exploit::EXE | Generate executable payloads. |
| Msf::Exploit::Powershell | Generate and deliver PowerShell payloads. |
| Msf::Post::Windows::Registry | Read/write Windows registry. |
| Msf::Post::Windows::Priv | Check and escalate privileges on Windows. |

Concept

Mixins are the reason Metasploit modules are relatively short. Instead of writing HTTP request logic from scratch, you include Msf::Exploit::Remote::HttpClient and gain access to send_request_cgi() — a method that handles cookies, headers, encoding, redirects, and SSL automatically.


4️⃣ Writing a Plugin

Custom plugins are Ruby scripts placed in ~/.msf4/plugins/:

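# ~/.msf4/plugins/hello.rb
module Msf
  class Plugin::Hello < Msf::Plugin
    # Dispatcher that contributes the new console command
    class HelloCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      # Dispatcher name; cleanup passes the same string to remove_console_dispatcher
      def name
        'Hello'
      end

      # Command name => help text
      def commands
        { 'hello' => 'Say hello' }
      end

      # Handler for the "hello" command (cmd_<command name>)
      def cmd_hello(*args)
        print_good("Hello from the custom plugin!")
      end
    end

    # Runs on "load hello": register the dispatcher with the console
    def initialize(framework, opts)
      super
      add_console_dispatcher(HelloCommandDispatcher)
      print_status("Hello plugin loaded.")
    end

    # Runs on "unload hello": remove the command again
    def cleanup
      remove_console_dispatcher('Hello')
    end

    # Plugin name
    def name
      'hello'
    end
  end
end

msf6 > load hello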
[*] Hello plugin loaded.
msf6 > hello
[+] Hello from the custom plugin!

5️⃣ Gotchas

Note

Plugins persist only for the current session. When you exit MSFconsole, all loaded plugins are unloaded. To auto-load plugins, add load <plugin> to your ~/.msf4/msfconsole.rc file.

Note

Mixins are for module developers. If you're only using MSFconsole as a penetration tester (not writing custom modules), you don't need to interact with mixins directly. They work behind the scenes.

Note

Plugin compatibility. Not all plugins work with every version of Metasploit. If a plugin fails to load, check for Ruby version compatibility and Metasploit API changes.


Warning

Custom plugins and modules can execute arbitrary Ruby code on your system. Only install plugins from trusted sources.
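
Because ~/.msf4/msfconsole.rc can auto-load plugins and a plugin is arbitrary Ruby, one way to act on the warning above is to audit what the resource script loads before starting MSFconsole. This is an added example, not part of Metasploit or of the original page: audit_plugins, rc_plugins, the status symbols, the pin list, and the temporary directories standing in for ~/.msf4/plugins/ and /usr/share/metasploit-framework/plugins/ are assumptions made for illustration.

```ruby
require 'digest'
require 'fileutils'
require 'tmpdir'

# Plugin names requested by `load <name>` lines in a resource script.
# `loadpath` and comment lines do not match.
def rc_plugins(rc_text)
  rc_text.each_line.filter_map { |l| l.strip[/\Aload\s+(\S+)/, 1] }.uniq
end

# Classify each auto-loaded plugin (hypothetical helper, not a Metasploit API).
# A file in the user directory is always hashed against the reviewed pins,
# even when a built-in plugin of the same name exists.
def audit_plugins(rc_text, user_dir:, framework_dir:, pins:)
  rc_plugins(rc_text).to_h do |name|
    user    = File.join(user_dir, "#{name}.rb")
    builtin = File.join(framework_dir, "#{name}.rb")
    status =
      if File.file?(user)
        pins[name] == Digest::SHA256.file(user).hexdigest ? :pinned_custom : :unreviewed_custom
      elsif File.file?(builtin)
        :builtin
      else
        :missing
      end
    [name, status]
  end
end

# Constructed sample: temp dirs stand in for the two plugin directories.
def demo
  Dir.mktmpdir do |root|
    user = File.join(root, 'user')
    fw   = File.join(root, 'framework')
    FileUtils.mkdir_p([user, fw])
    File.write(File.join(fw, 'nessus.rb'), "# built-in\n")
    File.write(File.join(fw, 'alias.rb'), "# built-in\n")
    File.write(File.join(user, 'hello.rb'), "# reviewed plugin\n")
    File.write(File.join(user, 'alias.rb'), "# unknown copy\n")
    pins = { 'hello' => Digest::SHA256.hexdigest("# reviewed plugin\n") }
    rc = "# constructed msfconsole.rc\nload nessus\nload hello\n" \
         "load alias\nloadpath /tmp/x\nload gone\n"
    audit_plugins(rc, user_dir: user, framework_dir: fw, pins: pins)
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

In real use, point user_dir and framework_dir at the actual directories and fill pins with SHA-256 digests of plugin files you have read; anything reported as :unreviewed_custom should be reviewed or removed from the resource script.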