Fähigkeiten metasploit-framework
🔒

metasploit-framework

Mittleres Risiko ⚙️ Externe Befehle🌐 Netzwerkzugriff📁 Dateisystemzugriff

Master Metasploit Penetration Testing with Claude

Security professionals need expert guidance for authorized penetration testing workflows. This skill provides comprehensive Metasploit Framework documentation covering exploitation, payload generation, and post-exploitation activities with legal best practices.

UnterstĂźtzt: Claude Codex Code(CC)
⚠️ 66 Schlecht
1

Die Skill-ZIP herunterladen

2

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

3

Einschalten und loslegen

Teste es

Verwendung von "metasploit-framework". How do I start msfconsole and search for SMB exploits?

Erwartetes Ergebnis:

To launch msfconsole and search for SMB exploits: Start the console with 'msfconsole -q' for quiet mode, then use 'search type:exploit smb' to find SMB-related exploit modules. You can also search specifically with 'search eternalblue' for the MS17-010 SMB vulnerability exploit. Review module details with 'info [module_name]' before selecting.

Verwendung von "metasploit-framework". What are the steps to configure and run an exploit with a meterpreter payload?

Erwartetes Ergebnis:

Configure an exploit in six steps: First use 'use [module_path]' to select the exploit. Run 'show options' to view required settings. Set target parameters with 'set RHOSTS [target_ip]' and 'set RPORT [port]'. Choose your payload with 'set PAYLOAD windows/x64/meterpreter/reverse_tcp'. Configure listener with 'set LHOST [your_ip]' and 'set LPORT [port]'. Finally execute with 'exploit' to attempt compromise and establish a Meterpreter session.

Verwendung von "metasploit-framework". What Meterpreter commands should I use after getting a session?

Erwartetes Ergebnis:

After establishing a Meterpreter session, run 'sysinfo' and 'getuid' to understand your access level. Use 'hashdump' to extract password hashes and 'ps' to view running processes. Execute 'migrate [PID]' to move to a more stable process. For data exfiltration, use 'download [file]' or 'upload [file]'. Run 'screenshot' to capture the desktop or 'keyscan_start' to begin keystroke logging. Background the session with 'background' to return to msfconsole.

Sicherheitsaudit

Mittleres Risiko
v1 • 2/25/2026

This skill provides documentation for the Metasploit Framework, a legitimate penetration testing tool used by security professionals. All detected patterns are educational examples showing authorized security testing workflows. The skill includes appropriate legal disclaimers emphasizing written authorization requirements. While it documents offensive security capabilities that could be misused, the context clearly indicates professional security assessment purposes with proper legal safeguards.

1
Gescannte Dateien
484
Analysierte Zeilen
7
befunde
1
Gesamtzahl Audits
Probleme mit mittlerem Risiko (1)
SKILL.md:1-484
Documentation of Offensive Security Tools
This skill provides comprehensive documentation for Metasploit Framework, a penetration testing tool that can be used for both authorized security testing and malicious activities. The content includes exploit modules, payload generation, post-exploitation techniques (credential harvesting, keylogging, screenshots), and persistence mechanisms. While the skill includes legal disclaimers emphasizing written authorization requirements, the detailed technical documentation could be misused by unauthorized actors.
Probleme mit niedrigem Risiko (3)
SKILL.md:20-30SKILL.md:56-171SKILL.md:340-395
Bash Command Examples in Documentation
The skill contains numerous bash command examples showing Metasploit usage (msfconsole, msfvenom, meterpreter commands). These are educational documentation examples, not executable code. Risk is low as these require manual execution by a user who should already have authorization for penetration testing activities.
SKILL.md:146SKILL.md:158SKILL.md:263
Example IP Addresses in Documentation
The skill uses example IP addresses (192.168.x.x private ranges) for demonstration purposes. These are standard documentation examples and do not represent hardcoded targets.
SKILL.md:238-242SKILL.md:308-334
Post-Exploitation Capability Documentation
The skill documents Meterpreter capabilities including keylogging, screenshots, credential harvesting, and file operations. These are descriptions of legitimate penetration testing tool capabilities used during authorized security assessments, not implementations of malicious functionality.

Risikofaktoren

⚙️ Externe Befehle (4)
SKILL.md:20-30 SKILL.md:56-73 SKILL.md:340-373 SKILL.md:379-395
🌐 Netzwerkzugriff (3)
SKILL.md:146 SKILL.md:228 SKILL.md:263
📁 Dateisystemzugriff (1)
SKILL.md:216-217
Auditiert von: claude

Qualitätsbewertung

38
Architektur
100
Wartbarkeit
87
Inhalt
50
Community
54
Sicherheit
91
Spezifikationskonformität

Was du bauen kannst

Penetration Testing Workflow Guidance

Security professionals use this skill during authorized penetration testing engagements to navigate Metasploit Framework capabilities, select appropriate exploit modules, configure payloads, and conduct post-exploitation activities within legal scope.

Security Assessment Documentation

Red team members leverage this skill to document Metasploit usage in security assessment reports, ensuring proper command syntax, module selection, and post-exploitation activities are recorded accurately for client deliverables.

Educational Resource for Security Training

Cybersecurity students and certification candidates use this skill to learn Metasploit Framework concepts, practice penetration testing workflows in lab environments, and prepare for certifications like OSCP, CEH, and PTX.

Probiere diese Prompts

Basic Module Search and Selection 
How do I search for and select an appropriate Metasploit exploit module for a Windows target with SMB vulnerabilities?
Exploit Configuration and Execution 
Guide me through configuring the eternalblue exploit with a meterpreter reverse_tcp payload, including setting RHOSTS, LHOST, and required options.
Post-Exploitation with Meterpreter 
After establishing a Meterpreter session, what commands should I use to enumerate the target system, harvest credentials, and maintain persistence during an authorized penetration test?
Payload Generation with msfvenom 
Generate an msfvenom command to create a Windows executable payload with reverse TCP connection, including encoding to evade antivirus detection.

Bewährte Verfahren

  • Always obtain written authorization before conducting any penetration testing activities with Metasploit
  • Use the 'check' command first to verify target vulnerability before running exploits to minimize disruption
  • Test payloads in isolated lab environments before deploying to production assessment targets
  • Document all commands, results, and findings for inclusion in penetration test reports
  • Use encrypted reverse_https payloads instead of reverse_tcp when possible to evade network monitoring
  • Background sessions and migrate processes immediately to maintain access stability

Vermeiden

  • Do not use Metasploit exploits on systems without explicit written authorization - this is illegal
  • Avoid running all exploits sequentially against targets without proper reconnaissance and vulnerability verification
  • Never use production systems or public IP addresses in example commands during documentation or training
  • Do not leave active Meterpreter sessions unattended or forget to properly close them after assessments
  • Avoid using unencoded payloads that are easily detected by antivirus without testing evasion techniques first

Häufig gestellte Fragen

Is Metasploit Framework legal to use?
Yes, Metasploit is a legitimate penetration testing tool used by security professionals worldwide. However, using it against systems you do not own or without written authorization is illegal. Always ensure you have proper legal authorization and documented rules of engagement before conducting any security testing.
What is the difference between msfconsole and msfvenom?
msfconsole is the main Metasploit Framework interface for running exploits, managing sessions, and conducting post-exploitation activities. msfvenom is a standalone payload generator tool that creates custom executables, scripts, and shellcode for various platforms without needing the full console interface.
Why do my exploits fail or sessions die immediately?
Common causes include antivirus detection, incompatible payload architecture, firewall blocking reverse connections, or crashing the target process. Solutions include using encoded payloads, matching payload architecture to the target OS, migrating to stable processes immediately, and using stageless payloads for more reliable connections.
What are the different payload types in Metasploit?
Metasploit has three payload categories: Singles are self-contained payloads that execute independently. Stagers are small initial payloads that download and execute a larger stage. Stages are the full-featured payloads downloaded by stagers, providing complete functionality like Meterpreter. The naming convention follows platform/architecture/type/connection.
How do I evade antivirus detection with Metasploit payloads?
Use multiple encoding iterations with the -e flag and -i parameter to obfuscate payloads. Consider using evasion modules, custom payload templates, or alternative payload types like reverse_https. For advanced evasion, you may need to create custom shellcode loaders or use third-party payload generation frameworks alongside Metasploit.
Can this skill execute Metasploit commands directly through Claude or Claude Code?
No, this skill provides documentation and guidance for Metasploit Framework but does not execute commands directly. You must have Metasploit installed on your system and run commands through your terminal. The skill helps you understand proper syntax, module selection, configuration, and troubleshooting workflows.

Entwicklerdetails

Autor

sickn33

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/metasploit-framework

Ref

main

Dateistruktur

📄 SKILL.md