“The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.”
Metasploit is used by both amateurs and professionals in cybersecurity and pen-testing. Its god-tier framework is flexible and can be tailored to specific setups and tasks.
Users can also create their own tools, which makes the framework well suited to exposing vulnerabilities in operating systems, networks, and applications.
The Metasploit Framework is freeware; however, a premium model is also available for purchase at $5000/year. The Linux-based version also offers more options than the Windows version, such as raw IP packet injection, wireless driver exploitation, and SMB relaying attacks.
Metasploit’s installation is simple: download the current version, make the installer executable (chmod +x), and run it with root privileges.
If you are running a Linux-based system, the following commands will set up Metasploit Framework:
- wget http://updates.metasploit.com/data/releases/framework-4.0.0-linux-x64-full.run
- chmod +x framework-4.*-linux-x64-full.run
- sudo ./framework-4.*-linux-x64-full.run
After you run these commands, the framework's setup program opens. As with any installer, follow the prompts and let the framework install. Once it completes, update the framework by keying in: sudo msfupdate.
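The download URL above is plain HTTP and the installer is then run as root, so it is worth gating the chmod step on a digest check. The following is an added example, not part of the original article or of the Metasploit project: the function names are hypothetical, and the expected SHA-256 value is a placeholder you must obtain from a source you trust.

```shell
#!/bin/sh
# Added example: only mark an installer executable once its SHA-256 matches.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_HEX
# Returns 0 and sets the execute bit only when the digest matches.
# Returns 1 on mismatch (execute bit stripped), 2 on bad input.
verify_installer() {
    file=$1
    # Accept upper- or lower-case hex in the expected value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        chmod +x "$file"
        return 0
    fi
    chmod a-x "$file"
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# Usage (EXPECTED_SHA256 is a placeholder, not a value from the article):
#   verify_installer framework-4.0.0-linux-x64-full.run "$EXPECTED_SHA256" \
#       && sudo ./framework-4.0.0-linux-x64-full.run
```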
As one of Null-Byte’s blog posts explains, there is a large variety of executable commands available with Metasploit. Out of the dozens offered, the following list (courtesy of hacking-tutorial) is a good beginner’s guide:
- ?/help
- background
- irb
- exit/quit
- migrate
- run
- use
There are a lot of aspects to this tool. Learning the ropes in one article is very unlikely, but that doesn’t mean you have to pay for more information. In fact, you don’t even have to look that hard.
Tutorials are offered all over the web, from fundamental articles to full-on courses. In conclusion, acquiring more knowledge of this framework is recommended, as it is a foundation for any pen-tester.