Almost all of your interaction with Metasploit will be through its many modules, which it looks for in two locations. The first is the primary module store under /usr/share/metasploit-framework/modules/ and the second, which is where you will store custom modules, is under your home directory at ~/.msf4/modules/.
root@kali:~# ls /usr/share/metasploit-framework/modules/
auxiliary encoders exploits nops payloads post
All Metasploit modules are organized into separate directories, according to their purpose. A basic overview of the various types of Metasploit modules is shown below.
In the Metasploit Framework, exploit modules are defined as modules that use payloads.
root@kali:~# ls /usr/share/metasploit-framework/modules/exploits/
aix bsdi firefox irix multi solaris
android dialup freebsd linux netware unix
apple_ios example.rb hpux mainframe osx windows
Auxiliary modules include port scanners, fuzzers, sniffers, and more.
root@kali:~# ls /usr/share/metasploit-framework/modules/auxiliary/
admin client dos gather scanner spoof vsploit
analyze crawler example.rb parser server sqli
bnat docx fuzzers pdf sniffer voip
Payloads, Encoders, Nops
Payloads consist of code that runs remotely, while encoders ensure that payloads make it to their destination intact. Nops keep the payload sizes consistent across exploit attempts.
root@kali:~# ls /usr/share/metasploit-framework/modules/payloads/
singles stagers stages
root@kali:~# ls /usr/share/metasploit-framework/modules/encoders/
cmd generic mipsbe mipsle php ppc ruby sparc x64 x86
root@kali:~# ls /usr/share/metasploit-framework/modules/nops/
aarch64 armle mipsbe php ppc sparc tty x64 x86
Loading Additional Module Trees
Metasploit gives you the option to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load additional modules at runtime:
root@kali:~# msfconsole -m ~/secret-modules/
If you need to load additional modules from with msfconsole, use the loadpath command:
msf > loadpath
Loads modules from the given directory which should contain subdirectories for
module types, e.g. /path/to/modules/exploits
msf > loadpath /usr/share/metasploit-framework/modules/
Loaded 399 modules:
Become a Certified Penetration Tester
Enroll in Penetration Testing with Kali Linux, the course required to become an Offensive Security Certified Professional (OSCP)