background image

Metasploit Basics

9

MSFconsole

Msfconsole

 is by far the most popular part of the Metasploit Framework, 

and for good reason. It is one of the most flexible, feature-rich, and well-
supported tools within the Framework. 

Msfconsole

 provides a handy all-in-one 

interface to almost every option and setting available in the Framework; it’s 
like a one-stop shop for all of your exploitation dreams. You can use 

msfconsole

 

to do everything, including launching an exploit, loading auxiliary modules, 
performing enumeration, creating listeners, or running mass exploitation 
against an entire network.

Although the Metasploit Framework is constantly changing, a subset of 

commands remain relatively constant. By mastering the basics of 

msfconsole

you will be able to keep up with any changes. To illustrate the importance of 
learning 

msfconsole

, it will be used in nearly every chapter of the book.

Starting MSFconsole

To launch 

msfconsole

, enter 

msfconsole

 at the command line:

root@bt:/# 

cd /opt/framework3/msf3/

root@bt:/opt/framework/msf3# 

msfconsole

< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *
msf >

To access 

msfconsole

’s help files, enter 

help

 followed by the command 

which you are interested in. In the next example, we are looking for help 
for the command 

connect

, which allows us to communicate with a host. The 

resulting documentation lists usage, a description of the tool, and the various 
option flags.

msf > 

help connect

We’ll explore MSFConsole in greater depth in the chapters that follow.

MSFcli

Msfcli

 and 

msfconsole

 take very different approaches to providing access to the 

Framework. Where 

msfconsole

 provides an interactive way to access all features 

in a user-friendly manner, 

msfcli

 puts the priority on scripting and interpret-

ability with other console-based tools. Instead of providing a unique inter-
preter to the Framework, 

msfcli

 runs directly from the command line, which 

allows you to redirect output from other tools into 

msfcli

 and direct 

msfcli

 

output to other command-line tools. 

Msfcli

 also supports the launching of 

exploits and auxiliary modules, and it can be convenient when testing mod-
ules or developing new exploits for the Framework. It is a fantastic tool for