Multi Purpose Hacking/ Pentesting Tools
Here’s our recommended Metasploit Video Tutorial.
What is Metasploit?
In 2003, H.D. Moore, (a Cyber Security Researcher and Program Developer from the US) started the Metasploit Project with the intention being to create a public and freely accessible resource to obtain exploitable code for research and development. The Metasploit Project is credited with the creation of the Metasploit Framework, which has become an open-source exploit framework used for IT Security penetration testing and research.
In 2009, Metasploit was acquired by Rapid7, but was still managed by HD until 2013 when he handed management of the Metasploit department in order to expand Rapid7’s research capabilities. In early 2016 HD left Rapid7 for a new venture.
Metasploit is awesome. Like the other top ten tools mentioned in our mega post it is a ‘must-learn’ security tool. The Metasploit Framework gives data about security vulnerabilities and helps in IDS signature development and penetration testing.
The tool has been completely rewritten in Ruby. If you are new to Metasploit or are a beginner to the Metasploit Framework then you should consider this tool as being a “Vulnerability Exploitation Tool”.
Is Metasploit Free?
Yes and no…the Metasploit Framework is free and can be downloaded here. Since the tool was acquired by Rapid7 there are two core proprietary editions called Metasploit Pro and Metasploit Express. If you’re new to pentesting and are looking to get started in Cyber Security then we’d highly encourage you to get started with the Metasploit Framework because you’ll absolutely learn a ton.
What’s the Difference between Metasploit Framework and Metasploit Pro Framework?
Whilst Metasploit Framework is free, its’ functionality is relatively basic. Professional security researchers, pentesters and ethical hackers would likely prefer to use Metasploit Pro which is the fully-fledged security solution for security programs and advanced penetration tests for SME’s and enterprise level organizations. Measploit Pro would be used for in-depth IT security auditing.
What Are Vulnerability Exploitation Tools?
Metasploit can be categorized in many ways, but we here at concise like to place this tool, or perhaps better said, ‘Framework’, as being a Vulnerability Exploitation Tool. Vulnerability Exploitation Tools are mainly used to discover if an attacker could find overflow weakness to install malware, or to discover fundamental operating and network system design flaws.
Does Metasploit Work on all Operating Systems?
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows, and the Metasploit Framework has been translated in verbose to dozens of languages.
What are Typical Uses for Metasploit?
We’ve written a seperate blog post on the uses of Metasploit here, but as a summary, there are five uses, or ‘steps’ that a pentester or ethical hacker would use Metasploit for. They are:
Step 1: Choosing and configuring an exploit code
This step requires the professional to select code with the purpose of being able to penetrate a target system by taking advantage of a ‘vulnerability’ that is inherently embedded in the target box or network. Metasploit can pull nearly 1,000 exploits for Windows, Unix/Linux and Mac OS X systems
Step 2: Checking the Target
This step allows the hacker to discover with more accuracy if the target is penetrable with the chosen exploit. If not, then select another!
Step 3: Select and configure a payload to send to the target.
This could include, for instance, a remote shell or a VNC server.
Step 4: Get around the IDS/ IPS system (Intruston Detection System)
This step is all about using Metasploit to encode and encrypt the attack to essential go ‘under the radar.’
Step 5: Executing the exploit
This final step is all about the final and actual hack that can either pwn a box or network and/ or be able to remove data or deface a website (for example).
Recommended Metasploit Courses & Training
Like any learning, especially cyber security hacking/ pentesting training, the more ‘hands-on’ the course is, the more we recommend it. We’ve selected our preferred courses here.
Recommended Metasploit Tutorials
In this section we outline our favorite Nmap tutorials. If you have a tutorial or video to add then please get in contact with us.