Here is a reference for the most frequently used commands and syntax within Metasploit’s various interfaces and utilities. See Meterpreter Post Exploitation Commands in MSFencode Commands for some all-in-one commands that will make your life easier.
show exploitsShow all exploits within the Framework.
show payloadsShow all payloads within the Framework.
show auxiliaryShow all auxiliary modules within the Framework.
search nameSearch for exploits or modules within the Framework.
infouse nameLoad an exploit or module (example: use windows/smb/psexec).
LHOSTYour local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.
RHOSTThe remote host or the target.
set functionSet a specific value (for example, LHOST or RHOST).
setg functionSet a specific value globally (for example, LHOST or RHOST).
show optionsShow the options available for a module or exploit.
show targetsShow the platforms supported by the exploit.
set target numSpecify a specific target index if you know the OS and service pack.
set payload payloadSpecify the payload to use.
show advancedShow advanced options.
set autorunscript migrate -fAutomatically migrate to a separate process upon exploit completion.
checkDetermine whether a target is vulnerable to an attack.
exploitExecute the module or exploit and attack the target.
exploit -jRun the exploit under the context of the job. (This will run the exploit in the background.)
exploit -zDo not interact with the session after successful exploitation.
exploit -e encoderSpecify the payload encoder to use (example: exploit -e shikata_ga_nai).
exploit -hDisplay help for the exploit command.
sessions -lList available sessions (used when handling multiple shells).
sessions -l -vList all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.
sessions -s scriptRun a specific Meterpreter script on all Meterpreter live sessions.
sessions -KKill all live sessions.
sessions -c cmdExecute a command on all live Meterpreter sessions.
sessions -u sessionIDUpgrade a normal Win32 shell to a Meterpreter console.
db_create nameCreate a database to use with database-driven attacks (example: db_create autopwn).
db_connect nameCreate and connect to a database for driven attacks (example: db_connect autopwn).
db_nmapUse nmap and place results in database. (Normal nmap syntax is supported, such as -sT -v -P0.)
db_autopwn -hDisplay help for using db_autopwn.
db_autopwn -p -r -eRun db_autopwn against all ports found, use a reverse shell, and exploit all systems.
db_destroyDelete the current database.
db_destroy user:password@host:port/databaseDelete database using advanced options.