The Metasploit Framework is a complete software platform used for testing and executing exploits. Metasploit can also be used as a very flexible penetration testing system and is perhaps the most popular penetration testing tool used across the broad spectrum of ethical hackers, security researchers, and, unfortunately, malicious hackers.
There are several editions of Metasploit. The Metasploit Framework edition is free and provides a basic command-line interface (CLI), third-party import, manual exploitation, and brute-force attacks. The free edition also includes Zenmap and a Ruby compiler. The professional edition includes many more features—check the Rapid7 website (https://www.rapid7.com/products/metasploit/) to learn what is available in the product today. There are older editions of Metasploit still floating around, including a Community edition and an Express edition; both have been discontinued.
Metasploit does a good job of performing vulnerability assessment in both network and web applications. You can get Metasploit with plug-ins for vulnerability scanners such as OpenVAS, Nexpose, and Nessus.
There are many interfaces to Metasploit, and each one has its own trade-offs. The MSF CLI brings a command-line interface (CLI) to the Metasploit Framework, which lets you call Metasploit exploits from your own scripts. MSF CLI is very easy to use when launching exploits, developing or testing a new exploit, and for scripting and basic automation. It doesn’t support the advanced features of the MSF console.
Metasploit exploits come in two kinds: active and passive. Active exploits target and exploit a specific host and run straight through to completion. Passive exploits wait for incoming hosts and exploit them as they connect. Passive exploits are client-centric, typically targeting FTP clients and web browsers.
Payloads are an important part of Metasploit – a payload refers to a specific exploit module. The Metasploit Framework supports several types of payloads. If you look at Metasploit’s payload list, you will notice that some payloads have similar names but appear in slightly different formats, for example windows/shell/reverse_tcp and windows/shell_reverse_tcp. The name with the forward slash is a staged payload, and the version with the underscore is a single payload. These are defined as follows:
There are many other types of payloads. Metasploit has hundreds of payloads, and more are being added all the time. These include:
Metasploit has well over 1,000 exploits. Over the past year or two, they have continued to be added at a rate of more than one new exploit per day. It helps to search for these and then review some detailed listings to understand what is available and for which versions. They are sorted by platform here, alphabetically:
Metasploit has built-in support for the PostgreSQL database. This enables penetration testers to maintain and track activity throughout an engagement. The database gives users relatively fast access to scan results and allows the import and export of results from third-party tools. All of this can be well organized and easily accessible.
Once Metasploit is set up, it is prudent to export data. This is done with the db_export command, which writes all gathered information to an XML file. XML is excellent for generating a variety of report formats later. The db_export command lets you export all of the active workspace information. It also provides a pwdump format for exporting collected credentials.
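As an added example (not code from this post or from Rapid7), here is a Python script that reads a db_export-style XML file and flags open services that an allowlist does not expect, which is a useful defender-side check on scan results. The sample XML is constructed, and the element names it uses (host, address, services, service, port, proto, state, name) are assumed to match the export's layout, so verify them against a real export before relying on the script.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the assumed db_export layout; not a real export.
SAMPLE_EXPORT = """<MetasploitV5>
  <hosts>
    <host>
      <address>10.0.0.5</address>
      <services>
        <service><port>22</port><proto>tcp</proto><state>open</state><name>ssh</name></service>
        <service><port>80</port><proto>tcp</proto><state>open</state><name>http</name></service>
        <service><port>443</port><proto>tcp</proto><state>closed</state><name>https</name></service>
      </services>
    </host>
    <host>
      <address>10.0.0.9</address>
      <services>
        <service><port>445</port><proto>tcp</proto><state>open</state><name>smb</name></service>
        <service><port>3389</port><proto>tcp</proto><state>open</state><name>rdp</name></service>
      </services>
    </host>
  </hosts>
</MetasploitV5>"""

def open_services(xml_text):
    """Map each host address to its open services as sorted (port, proto, name) tuples."""
    root = ET.fromstring(xml_text)
    inventory = defaultdict(list)
    for host in root.iter("host"):
        addr = (host.findtext("address") or "").strip()
        if not addr:
            continue  # skip malformed host entries rather than keying on ""
        for svc in host.iter("service"):
            if (svc.findtext("state") or "").strip() != "open":
                continue  # closed/filtered services are not exposure
            port = int((svc.findtext("port") or "0").strip())
            proto = (svc.findtext("proto") or "").strip()
            name = (svc.findtext("name") or "").strip()
            inventory[addr].append((port, proto, name))
    return {addr: sorted(svcs) for addr, svcs in inventory.items()}

def unexpected_services(inventory, allowlist):
    """Open services not in allowlist (address -> set of allowed (port, proto))."""
    findings = {}
    for addr, svcs in inventory.items():
        allowed = allowlist.get(addr, set())
        extra = [s for s in svcs if (s[0], s[1]) not in allowed]
        if extra:
            findings[addr] = extra
    return findings
```

To run it against a real export, replace SAMPLE_EXPORT with the contents of the file written by db_export and build the allowlist from your asset inventory.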
The Metasploit Framework supports many vulnerability scanning features. Vulnerability scanning lets you quickly scan a target IP range for known vulnerabilities. With the results in hand, penetration testers can decide which attack vectors to use. This is a very powerful asset for penetration testing. Vulnerability scanning does have trade-offs, however, and is known for high false-positive rates.
These are the highlights of the vulnerability scanning capabilities within the Metasploit Framework:
It should be noted that Metasploit has limited but excellent tutorials available. They include a good overview of Pass the Hash, Testing a Single Credential, and a more general Credentials Tutorial. Together with the detailed documentation, these let you get up to speed rapidly, so you can start vulnerability testing and execute decisively on your penetration testing strategy.