Metasploit Modules and Locations

The Metasploit Framework is composed of modules.


  • Defined as modules that use payloads
  • An exploit without a payload is an Auxiliary module

Payloads, Encoders, Nops

  • Payloads consist of code that runs remotely
  • Encoders ensure that payloads make it to their destination
  • Nops keep the payload sizes consistent

Primary Module Tree

  • Located under /usr/share/metasploit-framework/modules/

User-Specified Module Tree

  • Located under ~/.msf4/modules/
  • This location is ideal for private module sets

Loading Additional Module Trees

Metasploit gives you the freedom to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load at runtime:

Metasploit Unleashed - add additonal Module Paths


If you need to load additional modules after runtime, use the Metasploit loadpath command from within msfconsole:


Metasploit loadpath command