search

🧰 Introduction to Metasploit Framework (MSF)

hashtag
πŸ“Œ What is Metasploit?

  • Metasploit Project: Ruby-based penetration testing framework

  • Offers tools for:

    • Writing & testing exploits

    • Payload generation

    • Network enumeration

    • Post-exploitation

    • Evading detection

hashtag
🧠 Two Versions of Metasploit

Version
Key Features

Metasploit Framework

Open Source, CLI (msfconsole), modular, community-driven

Metasploit Pro

GUI, Paid, Enterprise-focused: adds features like Nexpose integration, phishing, session mgmt

πŸ› οΈ Metasploit Pro - Capabilities

Infiltrate

Collect Data

Remediate

Manual Exploits

Import/Scan Data

Bruteforce, Credential Reuse

AV/IPS Evasion

Discovery/Nexpose

Persistent Sessions, Session Mgmt

Phishing Wizard

Evidence Collection

Reporting, Export, Task Chains

hashtag
πŸ–₯️ msfconsole - The Interface

  • Command-line UI for the Framework

  • Most complete & only supported way to access all Metasploit features

βœ… msfconsole Perks

  • Tab completion

  • External command execution (!ping, !whoami)

  • Modular control: payloads, exploits, jobs, sessions

  • Stable and widely adopted by professionals

hashtag
βš™οΈ Metasploit Framework Architecture

πŸ—‚οΈ Located at:

hashtag
πŸ“ Key Folders:

Folder
Description

data/

Templates, files, wordlists, etc.

lib/

Core Metasploit libraries

documentation/

Technical docs

modules/

All exploits, payloads, auxiliary, etc.

plugins/

Extend msfconsole with more features (e.g. Nexpose, sqlmap)

scripts/

Used with Meterpreter & automation

tools/

External tools: module dev, payload gen, memory dump, recon

hashtag
πŸ“¦ Modules Folder

Folder
Purpose

auxiliary/

Scanners, fuzzers, sniffers

encoders/

Obfuscate payloads to bypass AV

evasion/

Anti-AV techniques

exploits/

Ready-to-use attack modules

nops/

No-operation padding instructions

payloads/

Reverse shells, bind shells, stagers

post/

Post-exploitation tools

hashtag
πŸ”Œ Plugins Folder

  • Used to extend Metasploit functionality during pentests

πŸ” Examples:

  • nessus.rb β†’ Integrate with Nessus

  • openvas.rb β†’ OpenVAS plugin

  • sqlmap.rb β†’ Web app SQL injection

  • session_tagger.rb β†’ Tag active sessions

hashtag
🧾 Scripts Folder

  • Used for:

    • Automating Meterpreter tasks

    • Resource scripts for batch command execution

hashtag
πŸ§ͺ Tools Folder

  • Command-line utilities for:

    • Payload creation

    • Exploit testing

    • Recon

    • Password tools

PreviousIntroductionNextMSF Engagement Structure

Last updated