Metasploit

This article was last updated on the afternoon of May 5, 2023

Core Commands

Command       Summary                          Description
-------       -------                          -----------
?             # help                           Help menu
banner        # show an awesome banner         Display an awesome metasploit banner
cd            # change working directory       Change the current working directory
color         # toggle color                   Toggle color
connect       # connect to a host              Communicate with a host
debug         # show debugging info            Display information useful for debugging
exit          # exit                           Exit the console
features      # opt in to unreleased features  Display the list of not yet released features that can be opted in to
get           # get a context variable         Gets the value of a context-specific variable
getg          # get a global variable          Gets the value of a global variable
grep          # grep another command's output  Grep the output of another command
help          # help                           Help menu
history       # show command history           Show command history
load          # load a framework plugin        Load a framework plugin
quit          # exit                           Exit the console
repeat        # repeat a list of commands      Repeat a list of commands
route         # route through a session        Route traffic through a session
save          # save datastores                Saves the active datastores
sessions      # list and manage sessions       Dump session listings and display information about sessions
set           # set a variable                 Sets a context-specific variable to a value
setg          # set a global variable          Sets a global variable to a value
sleep         # pause                          Do nothing for the specified number of seconds
spool         # write console output to file   Write console output into a file as well as the screen
threads       # view/manage background threads View and manipulate background threads
tips          # show productivity tips         Show a list of useful productivity tips
unload        # unload a framework plugin      Unload a framework plugin
unset         # unset a variable               Unsets one or more context-specific variables
unsetg        # unset a global variable        Unsets one or more global variables
version       # show version                   Show the framework and console library version numbers

Module Commands

Command       Summary                          Description
-------       -------                          -----------
advanced      # show advanced module options   Displays advanced options for one or more modules
back          # go back                        Move back from the current context
clearm        # clear the module stack         Clear the module stack
favorite      # mark module(s) as favorite     Add module(s) to the list of favorite modules
info          # show module info               Displays information about one or more modules
listm         # list the module stack          List the module stack
loadpath      # load modules from a path       Searches for and loads modules from a path
options       # show options                   Displays global options or for one or more modules
popm          # pop a module and activate it   Pops the latest module off the stack and makes it active
previous      # reselect the previous module   Sets the previously loaded module as the current module
pushm         # push module(s) onto the stack  Pushes the active or list of modules onto the module stack
reload_all    # reload modules from all paths  Reloads all modules from all defined module paths
search        # search modules                 Searches module names and descriptions
show          # show modules                   Displays modules of a given type, or all modules
use           # select a module                Interact with a module by name or search term/index

Job Commands

Command       Summary                          Description
-------       -------                          -----------
handler       # start a handler                Start a payload handler as job
jobs          # show and manage jobs           Displays and manages jobs
kill          # kill a job                     Kill a job
rename_job    # rename a job                   Rename a job

Resource Script Commands

Command       Summary                          Description
-------       -------                          -----------
makerc        # save entered commands to file  Save commands entered since start to a file
resource      # run commands from a file       Run the commands stored in a file

Database Backend Commands

Command           Summary                          Description
-------           -------                          -----------
analyze           # analyze database info          Analyze database information about a specific address or address range
db_connect        # connect to a data service      Connect to an existing data service
db_disconnect     # disconnect from data service   Disconnect from the current data service
db_export         # export database contents       Export a file containing the contents of the database
db_import         # import scan results            Import a scan result file (filetype will be auto-detected)
db_nmap           # run nmap and record output     Executes nmap and records the output automatically
db_rebuild_cache  # rebuild module cache           Rebuilds the database-stored module cache (deprecated)
db_remove         # remove data service entry      Remove the saved data service entry
db_save           # set as default data service    Save the current data service connection as the default to reconnect on startup
db_status         # show data service status       Show the current data service status
hosts             # list hosts in database         List all hosts in the database
loot              # list loot in database          List all loot in the database
notes             # list notes in database         List all notes in the database
services          # list services in database      List all services in the database
vulns             # list vulnerabilities in db     List all vulnerabilities in the database
workspace         # switch workspace               Switch between database workspaces

Credentials Backend Commands

Command       Summary                          Description
-------       -------                          -----------
creds         # list credentials in database   List all credentials in the database

Developer Commands

Command       Summary                          Description
-------       -------                          -----------
edit          # edit the current module        Edit the current module or a file with the preferred editor
irb           # open a Ruby shell              Open an interactive Ruby shell in the current context
log           # show the log                   Display framework.log paged to the end if possible
pry           # open the Pry debugger          Open the Pry debugger on the current module or Framework
reload_lib    # reload Ruby libs from paths    Reload Ruby library files from specified paths
time          # time a command                 Time how long it takes to run a particular command

msfconsole

msfconsole is the primary interface to Metasploit Framework. There is quite a
lot that needs to go here, please be patient and keep an eye on this space!

msfconsole is the main interface of the Metasploit Framework. A lot still needs to be written here; please be patient and keep an eye on this space!

Building ranges and lists

Many commands and options that take a list of things can use ranges to avoid
having to manually list each desired thing. All ranges are inclusive.

Ranges of IDs

Commands that take a list of IDs can use ranges to help. Individual IDs must be
separated by a , (no space allowed) and ranges can be expressed with either
- or ..

Commands that take a list of IDs can use ranges to simplify input. IDs are separated by a comma (no spaces allowed), and a range can be written with either - or ..

Ranges of IPs

There are several ways to specify ranges of IP addresses that can be mixed
together. The first way is a list of IPs separated by just a space (ASCII 0x20),
with an optional comma. The next way is two complete IP addresses in the form of
BEGINNING_ADDRESS-END_ADDRESS like 127.0.1.44-127.0.2.33. CIDR
specifications may also be used, however the whole address must be given to
Metasploit like 127.0.0.0/8 and not 127/8, contrary to the RFC.
Additionally, a netmask can be used in conjunction with a domain name to
dynamically resolve which block to target. All these methods work for both IPv4
and IPv6 addresses. IPv4 addresses can also be specified with special octet
ranges from the NMAP target specification.

IP addresses can likewise be simplified with ranges; see the nmap target specification for reference.
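The ID-range syntax and the nmap-style per-octet IPv4 syntax described above, expanded into concrete lists by a small parser. This is an added example written for this page, not Metasploit's own range parser; it accepts both - and .. for ID ranges, enforces the 0-255 bound on octets, and rejects the whitespace the ID syntax forbids.

```ruby
# Added example, not Metasploit's own parser: expand the ID-range syntax
# ("2-6,7,8,11..15") and the per-octet IPv4 range syntax ("127.0.0-2.1-4,15")
# described above into concrete lists, rejecting malformed input.

# Expand one token ("7", "2-6" or "11..15") into an inclusive list of integers.
# An upper bound can be enforced (255 for IPv4 octets).
def expand_token(token, hi: nil)
  m = token.match(/\A(\d+)(?:(?:-|\.\.)(\d+))?\z/)
  raise ArgumentError, "bad range token: #{token.inspect}" unless m
  first = m[1].to_i
  last  = (m[2] || m[1]).to_i
  raise ArgumentError, "reversed range: #{token}" if last < first
  raise ArgumentError, "out of bounds: #{token}" if hi && last > hi
  (first..last).to_a
end

# ID lists: comma-separated, no whitespace, ranges written with "-" or "..".
def expand_ids(spec)
  raise ArgumentError, "whitespace is not allowed in ID lists" if spec =~ /\s/
  spec.split(",", -1).flat_map { |tok| expand_token(tok) }.uniq
end

# IPv4 octet ranges in the nmap style: each octet may be a comma-separated
# list of values or "a-b" ranges; the result is the cartesian product.
def expand_ipv4_octets(spec)
  octets = spec.split(".", -1)
  raise ArgumentError, "expected four octets: #{spec}" unless octets.size == 4
  lists = octets.map do |octet|
    octet.split(",", -1).flat_map { |tok| expand_token(tok, hi: 255) }.uniq
  end
  lists[0].product(lists[1], lists[2], lists[3]).map { |quad| quad.join(".") }
end

if __FILE__ == $PROGRAM_NAME
  p expand_ids("2-6,7,8,11..15")            # 12 job IDs
  p expand_ipv4_octets("127.0.0-2.1-4,15")  # 3 * 5 = 15 addresses
end
```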

Examples

Terminate the first session:

sessions -k 1

Stop some extra running jobs:

jobs -k 2-6,7,8,11..15

Check a set of IP addresses:

check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255

Target a set of IPv6 hosts:

set RHOSTS fe80::3990:0000/110, ::1-::f0f0

Target a block from a resolved domain name:

set RHOSTS www.example.test/24

Source: https://shenysec.github.io/2023/05/05/Metasploit/
Author: sheny
Published: May 5, 2023
Updated: May 5, 2023