Metasploit

Getting Started

Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. The platform includes the Metasploit Pro and Metasploit Framework. To get started using Metasploit Pro right away, see our Install Guide.

Metasploit Pro

Metasploit Pro is for users who prefer to use a web interface for pen testing. Some features available in Pro are unavailable in Metasploit Framework.

Pro Features not in Metasploit Framework

  • Task Chains
  • Social Engineering
  • Vulnerability Validations
  • GUI
  • Quick Start Wizards
  • Nexpose Integration

If you are a command line user, but still want access to the commercial features, Metasploit Pro includes its very own console, which is very much like msfconsole, except it gives you access to most of the features in Metasploit Pro via the command line.

Metasploit Pro Features

Metasploit Pro offers pen testing features to help you simulate real world attacks, collect data, and remediate found exploits.

Infiltrate

  • Manual Exploitation
  • Anti-virus Evasion
  • IPS/IDS Evasion
  • Proxy Pivot
  • Post-Exploration Modules
  • Session Clean Up
  • Credentials Reuse
  • Social Engineering
  • Payload Generator
  • Quick Pen Testing
  • VPN Pivoting
  • Vulnerability Validation
  • Phishing Wizard
  • Web App Testing
  • Persistent Sessions

Collect Data

  • Import and scan data
  • Discovery Scans
  • MetaModules
  • Nexpose Scan Integration

Remediate

  • Bruteforce
  • Task Chains
  • Exploitation Workflow
  • Session Rerun
  • Task Replay
  • Project Sonar Integration
  • Session Management
  • Credential Management
  • Team Collaboration
  • Web Interface
  • Backup and Restore
  • Data Export
  • Evidence Collection
  • Reporting
  • Tagging Data

To learn more about the difference between Pro and Framework see, Metasploit Pen Testing Tool.

Interfaces

Metasploit Pro comes with a web interface and a command line interface. Most features available in the web interface are also available in the command line.

Web Interface

A web interface is available for you to work with Metasploit Pro. To launch the web interface, open a web browser and go to https://localhost:3790. To learn more about the web interface see Using the Metasploit Web Interface.

Pro Console

The Pro Console enables you to interact with Metasploit Pro from the command line. It is similar to the Metasploit Framework console.

Metasploit Framework

The Metasploit Framework is the foundation on which the commercial products are built. It is an open source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.

There are quite a few resources available online to help you learn how to use the Metasploit Framework; however, we highly recommend that you take a look at the Metasploit Framework Wiki, which is maintained by Rapid7, to ensure that you have the most up to date information available.

Metasploit Architecture

The Metasploit Framework is an open source pen testing and development platform that provides you with access to the latest exploit code for various applications, operating systems, and platforms. You can leverage the power of the Metasploit Framework to create additional custom security tools or write your own exploit code for new vulnerabilities.

Modules

A module is a standalone piece of code, or software, that extends the functionality of the Metasploit Framework. Modules automate the functionality that the Metasploit Framework provides and enables you to perform tasks with Metasploit Pro.

A module can be an:

  • Exploit
  • Auxiliary
  • Payload
  • No operation payload (NOP)
  • Post-exploitation module
  • Encoder

For example, an exploit uses a payload to deliver code to run on another machine. The payload will open a shell or a Meterpreter session to run a post-exploitation module. The encoder will make sure the payload is delivered and no operation payload will make sure the payload size is kept consistent.

Services

Metasploit Pro runs the following services:

  • PostgreSQL - Runs the database that Metasploit Pro uses to store data from a project.
  • Ruby on Rails - Runs the web Metasploit Pro web interface.
  • Pro service - Also known as the Metasploit service, bootstraps Rails, the Metasploit Framework, and the Metasploit RPC server.

Getting Started


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.