What is the msfconsole?
The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF. Msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to appreciate the power of utilizing this interface.
Benefits to using msfconsole
- It is the only supported way to access most of the features within Metasploit.
- Provides a console-based interface to the framework
- Contains the most features and is the most stable MSF interface
- Full readline support, tabbing, and command completion
- Execution of external commands in msfconsole is possible:
The msfconsole is launched by simply running msfconsole from the command line. Msfconsole is located in the /usr/share/metasploit-framework/msfconsole directory.
The -q option removes the launch banner by starting msfconsole in quiet mode.
How to Use the Command Prompt
You can pass -h to msfconsole to see the other usage options available to you.
Entering help or a ? once in the msf command prompt will display a listing of available commands along with a description of what they are used for.
The msfconsole is designed to be fast to use and one of the features that helps this goal is tab completion. With the wide array of modules available, it can be difficult to remember the exact name and path of the particular module you wish to make use of. As with most other shells, entering what you know and pressing ‘Tab’ will present you with a list of options available to you or auto-complete the string if there is only one option. Tab completion depends on the ruby readline extension and nearly every command in the console supports tab completion.
- use exploit/windows/dce
- use .*netapi.*
- set LHOST
- set TARGET
- set PAYLOAD windows/shell/
The msfconsole is the most commonly used interface for Metasploit. Making yourself familiar with these msfconsole commands will help you throughout this course and give you a strong foundation for working with Metasploit in general.