Metasploit-Framework Introduction



Kali metasploit-framework repository

msfconsole - The main interface to the Metasploit Framework

root@kali:~# msfconsole -h
Usage: msfconsole [options]

Common options:
-E, --environment ENVIRONMENT   The Rails environment. Will use RAIL_ENV environment
                                variable if that is set. Defaults to production if
                                neither option not RAILS_ENV environment variable is set.

Database options:
-M, --migration-path DIRECTORY   Specify a directory containing additional DB
-n, --no-database                Disable database support
-y, --yaml PATH                  Specify a YAML file containing database settings

Framework options:
-c FILE                          Load the specified configuration file
-v, --version                    Show version

Module options:
--defer-module-loads             Defer module loading unless explicitly asked.
-m, --module-path DIRECTORY      An additional module path

Console options:
-a, --ask                        Ask before exiting Metasploit or accept 'exit -y'
-H, --history-file FILE          Save command history to the specified file
-L, --real-readline              Use the system Readline library instead of
-o, --output FILE                Output to the specified file
-p, --plugin PLUGIN              Load a plugin on startup
-q, --quiet                      Do not print the banner on startup
-r, --resource FILE              Execute the specified resource file (- for stdin)
-x, --execute-command COMMAND    Execute the specified string as console commands
                                 (use ; for multiples)
-h, --help                       Show this message

msfd - Provides an msfconsole instance that remote clients can connect to

root@kali:~# msfd -h

Usage: msfd <options>


    -A <opt>  Specify list of hosts allowed to connect
    -D <opt>  Specify list of hosts not allowed to connect
    -a <opt>  Bind to this IP address instead of loopback
    -f        Run the daemon in the foreground
    -h        Help banner
    -p <opt>  Bind to this port instead of 55554
    -q        Do not print the banner on startup
    -s        Use SSL

msfdb - Manages the Metasploit Framework database

root@kali:~# msfdb

Manage a metasploit framework database

  msfdb init    # initialize the database
  msfdb reinit  # delete and reinitialize the database
  msfdb delete  # delete database and stop using it
  msfdb start   # start the database
  msfdb stop    # stop the database

msfrpc - Connects to an RPC instance of Metasploit

root@kali:~# msfrpc -h

Usage: msfrpc <options>


    -P <opt>  Specify the password to access msfrpcd
    -S        Disable SSL on the RPC socket
    -U <opt>  Specify the username to access msfrpcd
    -a <opt>  Connect to this IP address
    -h        Help banner
    -p <opt>  Connect to the specified port instead of 55553

msfrpcd - Provides an RPC interface to Metasploit

root@kali:~# msfrpcd -h

Usage: msfrpcd <options>


    -P <opt>  Specify the password to access msfrpcd
    -S        Disable SSL on the RPC socket
    -U <opt>  Specify the username to access msfrpcd
    -a <opt>  Bind to this IP address
    -f        Run the daemon in the foreground
    -h        Help banner
    -n        Disable database
    -p <opt>  Bind to this port instead of 55553
    -t <opt>  Token Timeout (default 300 seconds
    -u <opt>  URI for Web server

msfvenom - Standalone Metasploit payload generator

root@kali:~# msfvenom -h
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>

    -p, --payload       <payload>    Payload to use. Specify a '-' or stdin to use
                                     custom payloads
        --payload-options            List the payload's standard options
    -l, --list          [type]       List a module type. Options are: payloads,
                                     encoders, nops, all
    -n, --nopsled       <length>     Prepend a nopsled of [length] size on to the
    -f, --format        <format>     Output format (use --help-formats for a list)
        --help-formats               List available formats
    -e, --encoder       <encoder>    The encoder to use
    -a, --arch          <arch>       The architecture to use
        --platform      <platform>   The platform of the payload
        --help-platforms             List available platforms
    -s, --space         <length>     The maximum size of the resulting payload
        --encoder-space <length>     The maximum size of the encoded payload
                                     (defaults to the -s value)
    -b, --bad-chars     <list>       The list of characters to avoid example:
    -i, --iterations    <count>      The number of times to encode the payload
    -c, --add-code      <path>       Specify an additional win32 shellcode file to
    -x, --template      <path>       Specify a custom executable file to use as a
    -k, --keep                       Preserve the template behavior and inject the
                                     payload as a new thread
    -o, --out           <path>       Save the payload
    -v, --var-name      <name>       Specify a custom variable name to use for
                                     certain output formats
        --smallest                   Generate the smallest possible payload
    -h, --help                       Show this message

Metasploit-Framework Usage Example