`msfconsole` run the framework
always helpful to run `msfupdate`
nmap is incorporated into the framework
`search name:Apple type:exploit`
- exploits and resources are organized in a folder structure
- rank -> rates exploits from: excellent, great, good, normal to average
`info [path-to-exploit]`
- gives general info about the exploit as well as what is required
- for example: `info exploit/apple_ios/browser/safari_libtiff`
- msf fully supports tab completion
| Command | Description | Options |
|-------------|---------------------------------------------------------------------|---------|
| search | Searches for modules. | [keywords] |
| info | Provides more information on a specific module. | [module name] |
| use | Selects a module for interaction. | [module name] |
| show options| Displays the options for the current module. | None |
| set | Sets a variable to a value. | [variable name] [value] |
| unset | Unsets a variable or datastore value. | [variable name] |
| run/exploit | Executes the current module. | None |
| setg | Sets a global variable to a value. | [variable name] [value] |
| unsetg | Unsets a global variable. | [variable name] |
| save | Saves the active datastores. | None |
| load | Loads a plugin. | [plugin name] |
| unload | Unloads a plugin. | [plugin name] |
| back | Moves out of the current context. | None |
| sessions | Dumps session listings and displays active sessions. | -i [session id], -k [session id], -u [session id] |
| jobs | Displays and manages jobs. | -k [job id], -l |
# Using Attack Modules
`use auxiliary/scanner/ftp/ftp_login` -> to load the ftp_login scanner
- you will see the prompt change to include this
- `show options`
- most arent required
- can change an option with the `set` command
- `set RHOSTS 10.1.16.9` the victim in this instance