back— exit the current moduledb_nmap $FLAGS $IP— run Nmap and dump the results into the Metasploit DB; all Nmap$FLAGSare supported and Metasploit will elevate privileges if necessaryhelp— get Metasploit helphistory— display command historyhosts— display known hosts in DBhosts -d— delete saved hosts from DBinfo— show module information (including exploit target options)jobs— check the status of background jobsoptions(advanced) — show module/exploit options (or “advanced” options)run/exploit— run the selected exploitrun -j— run the selected exploit as a background jobsearch— search modules; query to a particular type of module using thetype:parameter (e.g.,search type:exploit wordpress)services— display services discovered in known hosts in DBsessions— list open meterpreter sessions on a boxsessions -i $SESSION_NUMER— connect to meterpreter session$SESSION_NUMBERshow auxiliary— show auxiliary modules, filtered by relevancy if called from within a moduleshow exploits— show exploit modulesshow options— show module optionsshow payloads— show payload modules, filtered by relevancy if called from within a modulespool— save all console output to a log file (useful for record-keeping)use— select a Metasploit module/exploitvulns— display vulnerabilities discovered in known hosts in DBworkspace— use workspaces; keeps database results isolated per engagement
Note that you can also call regular shell commands (ip, ls, etc.) from msfconsole. You can also background processes using Ctrl + Z (Metasploit will trap this, so you don’t have to worry about backgrounding the entire msfconsole).