# Metasploit

## Modules

* __Auxiliary__: scanners, crawlers and fuzzers
* __Encoders__: encode payloads
* __Evasion__: prepare payloads to circumvent signature-based malware detection
* __NOPs__: no-op generators for various architectures
* __Payloads__: code to run on target systems
  * Singles: inline, self-contained payloads, for example `generic/shell_reverse_tcp`
  * Stagers: small payloads that download the stage payloads
  * Stages: the downloaded payloads, for example `windows/x64/shell/reverse_tcp`
* __Post__: post-exploitation

## Notes

* Search restricted to a module type:

```sh
search type:auxiliary
```

* Run the exploit and send the resulting session to the background:

```sh
run -z
```

* `check` tests whether the target is vulnerable without exploiting it
* `setg` sets variables globally (for all modules)
* `unset payload` clears the payload variable
* Flush all variables via `unset all`

## Sessions

* Background the current session via `background` or `ctrl+z`
* Foreground a session via `sessions -i` followed by the session id

## Scanning

* Portscan modules:

```sh
search portscan
```

* UDP sweep via `scanner/discovery/udp_sweep`
* SMB scan via `scanner/smb/smb_version` and `smb_enumshares`
* SMB login dictionary attack via `scanner/smb/smb_login`
* NetBIOS via `scanner/netbios/nbname`
* HTTP version via `scanner/http/http_version`

## Database

* Start postgres
* `msfdb init` creates and connects the database
* `db_status` checks the database connection
* Separate workspace via `workspace -a` followed by the workspace name
* Scans saved to the database via `db_nmap` (arguments are passed to nmap)
* Show `hosts`
* Show `services`
* Set RHOSTS from the stored host list via `hosts -R`
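The Database workflow above, combined into a single msfconsole resource script that replays the steps in order; this is an added example, not part of the original notes. It assumes postgres is running and `msfdb init` has already been done, a constructed lab host 192.0.2.10 (RFC 5737 documentation range, placeholder) and a workspace name `lab`; the `-sV` flag on `db_nmap` is an assumption, not something the notes specify.

```text
# lab.rc - replay with: msfconsole -q -r lab.rc
# Assumes postgres is running and `msfdb init` has already been run.

# Confirm the console is connected to the database before scanning.
db_status

# Keep this engagement's hosts and services separate from other work.
# "lab" is a constructed workspace name.
workspace -a lab

# Scan the placeholder lab host; results are stored in the workspace.
# 192.0.2.10 is a constructed placeholder; -sV is an assumption.
db_nmap -sV 192.0.2.10

# Review what the scan stored.
hosts
services

# Load the stored hosts into RHOSTS, then run one of the scanner
# modules listed in the Scanning section against them.
hosts -R
use auxiliary/scanner/smb/smb_version
run
```

Comments must sit on their own lines: the console treats each non-comment line as a complete command, so a trailing `# note` after `workspace -a lab` would become part of the workspace name. `-q` suppresses the banner and is optional.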