1. Port Scanning & Database Management

Port Scanning

1. List scanning modules:
   • Command: search portscan
   • Common modules include TCP, SYN, ACK, and XMAS scanners
2. Key Port Scan Options:
   • CONCURRENCY: Number of simultaneous target scans
   • PORTS: Range to scan (e.g., 1-10000)
   • RHOSTS: Target host/network
   • THREADS: Number of simultaneous threads
3. Direct Nmap Usage:
   • Run Nmap from msfconsole: nmap -sS [target]
   • Often faster than Metasploit's built-in scanners

Database Management

systemctl start postgresql

1. msfdb init
2. Workspace Management:
   • List workspaces: workspace
   • Add workspace: workspace -a [name]
   • Switch workspace: workspace [name]
   • Delete workspace: workspace -d [name]
3. Database Features:
   • Save scan results: db_nmap
   • View hosts: hosts
   • View services: services
   • Search services: services -S [service_name]

2. Exploit Usage & Payload Management

Exploit Workflow

1. Search for exploits: search [term]
2. Get exploit info: info [exploit_path]
3. Select exploit: use [exploit_path]
4. Configure options: show options
5. Set required parameters: set [option] [value]

Payload Management

1. List compatible payloads:
   • Command: show payloads
   • Example payloads:
     • generic/custom
     • generic/shell_bind_tcp
     • generic/shell_reverse_tcp
     • windows/x64/meterpreter variants
2. Payload Selection:
   • Set payload: set payload [number_or_name]
   • Configure payload options: show options
   • Common required options:
     • LHOST (listening host)
     • LPORT (listening port)

Example Exploit Execution (MS17-010 EternalBlue):