Metasploit

Tool

Date: 2026-05-17

Metasploit contains built-in exploits for many public vulnerabilities and provides easy ways to exploit against vulnerable targets.

MSF has many other features, like:

Running reconnaissance scripts to enumerate remote hosts and compromised targets
Verification scripts to test the existence of a vulnerability without actually compromising the target
Meterpreter, which is a great tool to connect to shells and run commands on the compromised targets
Many post-exploitation and pivoting tools

Tip: Search can apply complex filters such as search cve:2009 type:exploit. See all the filters with help search image 4.png Payload and module options can be set with the “set” command:

msf6 exploit(windows/smb/ms17_010_psexec) > set RHOSTS 10.10.10.40
RHOSTS => 10.10.10.40
msf6 exploit(windows/smb/ms17_010_psexec) > set LHOST tun0
LHOST => tun0

Before running the exploit script, the target can be checked to see if it’s still vulnerable using the “check” command. Not all exploits in the framework support the “check” function.

The “run” or “exploit” command then runs the exploit. image 5.png