Metasploit uses different types of modules to perform tasks during penetration testing. Each module has a specific function, like exploiting a vulnerability, scanning a system, or maintaining access after a compromise.
Modules are stored in folders based on their type and can be loaded and customized within the Metasploit console.
Exploit Modules
These are used to attack a target system by taking advantage of a known vulnerability.
use exploit/windows/smb/ms17_010_eternalblue- Launches actual attacks.
- Needs proper configuration (target, payload, options).
- Often paired with a payload to gain control.
Payload Modules
Payloads are the code executed on the target after an exploit is successful. They help you gain control or perform a task.
set payload windows/meterpreter/reverse_tcp- Provides shell access or other features.
- Works with exploits and listeners.
- Types: singles, stagers, and stages.
Auxiliary Modules
These do non-exploit tasks like scanning, sniffing, or information gathering.
use auxiliary/scanner/ftp/ftp_version- Doesn’t exploit or gain access.
- Used for reconnaissance or brute force attacks.
- Fast and versatile for testing.
Encoder Modules
Encoders help avoid detection by obfuscating payloads. They don’t change how the payload works, just how it looks.
set encoder x86/shikata_ga_nai- Helps bypass antivirus or IDS.
- Used mostly for stealth.
- Not always necessary with modern AV evasion tools.
Post-Exploitation Modules
Used after a system has been compromised to gather information, escalate privileges, or move laterally.
use post/windows/gather/hashdump- Runs only after successful access.
- Helps deepen control of the system.
- Can extract passwords, tokens, or keystrokes.
Evasion Modules
Evasion modules are designed to bypass security tools like antivirus, endpoint detection, or sandboxing by generating payloads that are harder to detect.
use evasion/windows/windows_defender_exe- Used to create stealthier payloads.
- Often used before or during delivery of a malicious file.
- Helps test the effectiveness of security defenses.
NOP Modules
NOP (No Operation) generators are used to pad shellcode and maintain alignment in memory. Rarely used manually.
set nop x86/single_byte- Adds buffer space for smooth execution.
- Prevents crashes in exploits.
- Mostly used in older payloads.
Module Comparison Table
| Module Type | Purpose | Typical Use Example |
|---|---|---|
| Exploit | Attacks vulnerability | exploit/windows/http/rejetto_hfs_exec |
| Payload | Runs on target after exploit | windows/meterpreter/reverse_tcp |
| Auxiliary | Scans, sniffs, gathers info | scanner/ssh/ssh_version |
| Encoder | Obfuscates payloads | x86/shikata_ga_nai |
| Post | Used after compromise | gather/enum_logged_on_users |
| NOP | Aligns code in memory | x86/single_byte |
| Evasion | Bypasses antivirus/security tools | evasion/windows/windows_defender_exe |