Metosploit官方说明

最新推荐文章于 2024-08-20 08:00:00 发布
最新推荐文章于 2024-08-20 08:00:00 发布
阅读量400 收藏
点赞数
分类专栏: Metosploit 文章标签: Metosploit 官方
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_43776408/article/details/100176390
版权 
Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    history       Show command history
    load          Load a framework plugin
    quit          Exit the console
    repeat        Repeat a list of commands
    route         Route traffic through a session
    save          Saves the active datastores
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    version       Show the framework and console library version numbers


Module Commands
===============

    Command       Description
    -------       -----------
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    info          Displays information about one or more modules
    loadpath      Searches for and loads modules from a path
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    reload_all    Reloads all modules from all defined module paths
    search        Searches module names and descriptions
    show          Displays modules of a given type, or all modules
    use           Selects a module by name


Job Commands
============

    Command       Description
    -------       -----------
    handler       Start a payload handler as job
    jobs          Displays and manages jobs
    kill          Kill a job
    rename_job    Rename a job


Resource Script Commands
========================

    Command       Description
    -------       -----------
    makerc        Save commands entered since start to a file
    resource      Run the commands stored in a file


Database Backend Commands
=========================

    Command           Description
    -------           -----------
    analyze           Analyze database information about a specific address or address range
    db_connect        Connect to an existing data service
    db_disconnect     Disconnect from the current data service
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_remove         Remove the saved data service entry
    db_save           Save the current data service connection as the default to reconnect on startup
    db_status         Show the current data service status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces


Credentials Backend Commands
============================

    Command       Description
    -------       -----------
    creds         List all credentials in the database


Developer Commands
==================

    Command       Description
    -------       -----------
    edit          Edit the current module or a file with the preferred editor
    irb           Open an interactive Ruby shell in the current context
    log           Display framework.log paged to the end if possible
    pry           Open the Pry debugger on the current module or Framework
    reload_lib    Reload Ruby library files from specified paths


msfconsole
==========

`msfconsole` is the primary interface to Metasploit Framework. There is quite a
lot that needs go here, please be patient and keep an eye on this space!

Building ranges and lists
-------------------------

Many commands and options that take a list of things can use ranges to avoid
having to manually list each desired thing. All ranges are inclusive.

### Ranges of IDs

Commands that take a list of IDs can use ranges to help. Individual IDs must be
separated by a `,` (no space allowed) and ranges can be expressed with either
`-` or `..`.

### Ranges of IPs

There are several ways to specify ranges of IP addresses that can be mixed
together. The first way is a list of IPs separated by just a ` ` (ASCII space),
with an optional `,`. The next way is two complete IP addresses in the form of
`BEGINNING_ADDRESS-END_ADDRESS` like `127.0.1.44-127.0.2.33`. CIDR
specifications may also be used, however the whole address must be given to
Metasploit like `127.0.0.0/8` and not `127/8`, contrary to the RFC.
Additionally, a netmask can be used in conjunction with a domain name to
dynamically resolve which block to target. All these methods work for both IPv4
and IPv6 addresses. IPv4 addresses can also be specified with special octet
ranges from the [NMAP target
specification](https://nmap.org/book/man-target-specification.html)

### Examples

Terminate the first sessions:

    sessions -k 1

Stop some extra running jobs:

    jobs -k 2-6,7,8,11..15

Check a set of IP addresses:

    check 127.168.0.0/16, 127.0.0-2.1-4,15 127.0.0.255

Target a set of IPv6 hosts:

    set RHOSTS fe80::3990:0000/110, ::1-::f0f0

Target a block from a resolved domain name:

    set RHOSTS www.example.test/24
加油开心
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
metasploit 自动化攻击
土拨鼠挖洞中的博客
10-04 2190
第一步开启postgresql数据库         第二步:切入到数据库中       第三步:创建用户名和密码       第四步进入数据库,创建数据库       第五步退出数据库进入msf       注意:1.开启数据库后进行的所有操作都可以保存在数据库中方便查阅       2.开启数据库后可以调用NMAP,nessus,等漏...
渗透测试流程之信息收集、漏洞挖掘
追风筝的孩子
08-07 4563
           渗透测试的流程是非常重要的,你要知道你做的每一步,以及下一步要做什么。信息收集是渗透测试的一个重要步骤,包含了一下几个大小类。            一:域名信息             1、whois             用法:在线工具:http://whois.chinaz.com或kali终端输入whois             注册人、邮箱、地址、电话、...
Kali Linux CTF Blueprints.pdf
08-24
讲Kali的,主要说CTF中的应用。打比赛的同学关注一下。
Ubuntu 安装msfconsole
m_de_g的博客
11-25 3100
Ubuntu 安装msfconsole 1.进入到opt目录下 cd /opt/ 2.下载安装文件 msfupdate.erb sudo wget https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb 3.将文件msfupdate.erb重命名为msfinstall,并且赋予755权限,安装msf su
kali中安装使用msfconsole
wyzhxhn的博客
10-25 8647
msfconsole安装
基于kali Linux的msfconsole在线安装和使用
2302_80252080的博客
07-28 395
Msf, 全称Metasploit Framework,是一个广泛使用的开源渗透测试框架。它主要用于网络安全评估和漏洞利用,旨在帮助安全专业人员发现并利用系统中的安全漏洞。Msf包含了一系列工具,如exploits(漏洞利用模块)、auxiliary modules(辅助功能,比如信息收集)、payloads(攻击载荷)以及post-exploitation modules( exploitation后的操作),以便在找到漏洞后完成整个攻击链。
kali中常用的ctf工具
weixin_30383279的博客
09-27 2455
exiftool:查看图片的exif信息。 pngcheck:修复被破坏的png图片 pngtools:深入研究png文件的数据 steganographic:用来提取图片中的隐藏信息 stegsolve.jar:kali中没有该工具,但是可以自己下 gimp:提供了转换各类图像文件可视化数据的功能,还可以用于确认文件是否是一个图像文件。 ImageMagick:工具集可以嵌入在脚本中...
ubuntu安装msfconsole和直接制作外网shell
h1825819493的博客
06-28 799
optcd /opt/msfinstall7554.直接打开msf就可以使用了。
msfconsole安装配置
热门推荐
Blog_inG的博客
12-25 1万+
使用 curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ ./msfinstall 安
Windows上安装Metasploit-(msfconsole)
m0_73135216的博客
05-12 2587
平时使用metasploit一般是在kali里面,有时候使用非常的麻烦,其实Metasploit也是支持Windows的,关于很多metasploit的方法,作者觉得有点小麻烦,这里给大家带来一种最简单的方法。任务二 安装metasploit (步骤非常简单)看到这一步说明安装成功了,安装过程比较缓慢,请不要安装到C盘!这里已经运行成功了,看到别的文章要设置环境变量,这里比较简单,就没有做过多的操作,如果安装有问题,就去设置环境变量,也有可能是因为metasploit版本问题和系统版本问题。
Kali Linux CTF Blueprints
11-22
It's a good book, especially considering there aren't really many like it out there and I like the humor/writing style as well as the layout. However, it definitely assumes you know a decent amount about infosec and system administration to get through it and it will not hold your hand through every step. I know the author can't cover it all but for those of you going through it here are some helpful tips I wish were in the book that I have come across so far: - Use Windows Server 2008 R2. 2012 and 2016 will not work with some facets of the Windows build. - It is best to update the OS to get some of the services running correctly (easily). - The URL in the book for ColdFusion appears to be for an UPDATE to 9.1, not the installer for 9.1 (which I can't seem to find) so I had to go with 9.2. - For SQL 2005 Express, make sure the processors are at a power of 2. It took me 3 days to figure out why I couldn't install SQL 2005 Express and it was because I had allocated 3 processors for my VM (same will go for physical builds with 5, 7, or 9 processors; it won't work). - SQL 2005 Express will not allow you to make the password for the sa user "sa" as the book instructs. I will continue to update this list as I go through the book in hopes to help others who are struggling a bit with the configuration of these machines. Cheers and happy hacking, -Ethan
msfconsole
12-12
kail、ubantu的msfconsole平台的用法,如search导入,use调用等等
kail做CTF杂项题的工具安利一波!
qidiandexiaowu
04-08 4798
前言:上周的比赛,知识和工具都补充了一波,着实吓到我这老菜鸟了。 1.blind-watermark 这个工具主要是解决盲水印问题。 克隆到kail里 python encode.py --image <image file> --watermark <watermark file> --result <result file> python decode.p...
ctf:kali工具ettercap,setoolkit
viviliving的专栏
12-02 1070
;;f^^"""-._;;;""?;(PTF)set> 1: :(PTF)set> 2important:
kali linux下安装metasploit(MSF)---转_原水_新浪博客
afst37的专栏
11-08 5974
第一步,kali linux 2.0 本身已内置metasploit,kali 2.0 已经没有metasploit 这个服务了,所以service metasploit start 的方式不起作用。 在kali 2.0中启动带数据库支持的msf方式如下: #1首先启动postgresql数据库:/etc/init.d/postgresql start;或者 service postg...
kali对CTF靶场进行渗透测试找flag
勤能补拙
05-09 1576
kali Linux做攻击机渗透测试CTF靶场找flag
centos安装msfconsole
whojoe的博客
02-25 1916
centos安装msfconsole curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall ./msfinstall
我的 ctf kali 常用命令
csdn_ocheers的博客
06-25 2168
ctf kali 常用 命令
网络渗透测试实验四
wow_iamfree的博客
12-07 631
文章目录一、实验目的二、实验准备与内容三、实验过程1.netdiscover发现WebDeveloper的ip2.nmap扫描目标开发端口3.访问目标网站4.whatweb探测CMS模板5.WPScan工具简介6.Dirb网站目录爆破7.通过爆出的路径找到cap文件8.利用WordPress插件漏洞找到目标配置文件9.远程连接目标10.使用tcpdump执行任意命令 一、实验目的 通过对目标靶机的渗透过程,了解CTF竞赛模式,理解CTF涵盖的知识范围,如MISC、PPC、WEB等,通过实践,加强团队协作能
ctf之kali linux一些工具的使用
最新发布
m0_74475929的博客
08-20 2030
Hydra -L username.txt -P password.txt -t 2 -vV -e ns 192.168.126.176 ssh ----ssh协议爆破。Hydra -L username.txt -P password.txt -t 2 -vV -e ns 192.168.126.176 rdp----远程桌面爆破。2.base -d -i <file>--------- base64解密 -i去除无用字符。exiftool <file> ---------查看exif类型文件详细信息。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值