Metasploit installation and basic commands

Chưa phân loại
Metasploit has an up to date collection of vulnerability exploits and allows a user to execute them automatically without the need of programming knowledge. It comes by default on Kali Linux. With metasploit any attacker with basic knowledge can compromise any computer or mobile device in relatively easy way.  This can be used for knowledge of how to defend a linux system from hacking attacks.

Installing PostgreSQL

Metasploit depends on PostgreSQL for database connection, to install it on Debian/Ubuntu based systems run:

apt install postgresql

To download and install metasploit run:

templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall &&

chmod 755 msfinstall &&


After installation ends  to create the database run:

msfdb init

During the process you will be asked for a username or password, you can ignore the password, at the end you’ll see the username you  assigned to the database, the password and token and below a URL https://localhost:5443/api/v1/auth/account , access it and login using the username and password.

To create the database and then run:


After launching metasploit type “db_status” to make sure the connection is working properly as shown in the image above.

Note: In case you find problems with the database, try the following commands:

service postgresql restart
service postgresql status
msfdb reinit

Make sure postgresql is running when checking it’s status.

Getting started with metasploit, basic commands:

show options

The command help will print the man page for metasploit, this command does not need description.

The command search is useful to find exploits, let’s search for exploits against Microsoft, type “search ms

It will show a list of Auxiliary Modules and Exploits helpful against Microsoft running devices.

An Auxiliary Module in Metasploit is an aiding tool, it adds features to metasploit such as brute force, scanning for specific vulnerabilities, target localization within a network, etc.

For this tutorial we don’t have a real target for testing but we’ll use an auxiliary module to detect camera devices and take snapshots. Type:

use post/windows/manage/webcam

As you see the module was chosen, now let’s go back by typing “back” and type “hosts” to see the list of available targets.

The hosts list is empty, you can add one by typing:

hosts -a

Replace for the host you want to target.

Type hosts again and you’ll see a new target added.

To get information on an exploit or module, select it and type “info”, run the following commands:

use exploit/windows/ssh/putty_msg_debug

The command info will provide information on the exploit and how to use it, additionally you can run the command “show options”, which will only show usage instructions, run:

show options

Type back and select a remote exploit, run:

use exploit/windows/smtp/njstar_smtp_bof
show options
set target 0


Use the command set as in the image to define remote hosts (RHOSTS) , local hosts(LOCALHOSTS) and targets, each exploit and module has different information requirements.


Type exit  to leave the program getting the terminal back.

Obviously the exploit won’t work because we are not targeting a vulnerable server, but that’s the way in which metasploit works to carry out an attack. By following the steps above you can understand how basic commands are used.

You can also merge Metasploit with vulnerability scanners such as OpenVas, Nessus, Nexpose and Nmap. Just export the resuts of these scanners as XML and on Metasploit type

db_import  reporttoimport.XML

Type “hosts” and you’ll see the hosts of the report loaded into metasploit.

This tutorial was a first introduction to Metasploit console use and it’s basic commands. I hope you found it helpful to getting started with this potent software.

Keep following LinuxHint for more tips and updates on Linux.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

5 Docker Compose Examples

Docker compose is an efficient and easy way of deploying docker containers on a host. Compose takes in a YAML file and...

Mount and Use Google Drive on Linux Mint

Google Drive is one of the most popular cloud storage services on this planet. Here’s a quick example of how popular...

Vim Macros

Vim is not just an editing tool to create or modify any types of files. It has many useful and powerful features that help...
Bài Viết

Bài Viết Mới Cập Nhật


Mua Proxy v6 US Private chạy PRE, Face, Insta, Gmail

Mua shadowsocks và hướng dẫn sữ dụng trên window

Tại sao Proxy Socks lại được ưa chuộng hơn Proxy HTTP?

Mua thuê proxy v4 nuôi zalo chất lượng cao, kinh nghiệm tránh quét tài khoản zalo