The Metasploit Project is a computer security project written in ruby that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
github link: https://github.com/rapid7/metasploit-framework
Due to its wide range of applications and open-source availability, Metasploit is used by everyone White hat hackers and black hat hackers this tool is great for pentesting and exploiting weaknesses in systems and if there is no weaknesses this helps in creating payloads which are used to hack other system .
Payloads
Metasploit now includes more than 1677 exploits organized over 25 platforms, including Android, PHP, Python, Java, Cisco, and more. The framework also carries nearly 500 payloads
this includes:
- Command shell payloads that enable users to run scripts or random commands against a host
- Dynamic payloads that allow testers to generate unique payloads to evade antivirus software
- Meterpreter payloads that allow users to commandeer device monitors using VMC and to take over sessions or upload and download files
- Static payloads that enable port forwarding and communications between networks
Metasploit modules
- Exploits: Tool used to take advantage of system weaknesses.
- Payloads: Sets of malicious code.
- Auxiliary functions: Supplementary tools and commands.
- Encoders: Used to convert code or information.
- Listeners: Malicious software that hides in order to gain access.
- Shellcode: Code that is programmed to activate once inside the target.
- Post-exploitation code: Helps test deeper penetration once inside.
- Nope: An instruction to keep the payloads from crashing.
Installation and os supported
The os which are supporting metasploit are kali linux, debian, ubuntu & windows.
- kali linux: kali comes pre installed with metasploit and it is preferred the most by pentesters and hackers as it has the best security features and as it is a linux distro it is safe from a lot of malware.
- debian: debian does not come with metasploit but u can download it from the instructions from the docs of metasploit.
- ubuntu: ubuntu not come with metasploit but u can download it from the instructions from the docs of metasploit.
- windows: installing metasploit in windows is a difficult process u need to follow a lot of steps and things to get it and there is a risk of destroying ur pc in the process definitely u can do the same installation in the wsl2 debian virsion of windows and it works in it but u have to do it on ur own risk binary installer .
Hardware requirements
- 2 GHz+ processor
- Minimum 4 GB RAM, but 8 GB is recommended
- Minimum 1 GB disk space, but 50 GB is recommended
Main tools included in metasploit
- msfconsole : the main console or control program .
- msfvenom : the payload generator.
- the rest are the additional programs which helps to do the job.
Tutorial Videos
- setup in ubuntu :-
https://www.youtube.com/watch?v=q1ysYODliHo
- setup in debian :-
https://www.youtube.com/watch?v=ROKbKdiacuM
- setup in kali wsl :-
https://www.youtube.com/watch?v=9TVhEDv5MmA
- complete using tutorial by hackersploit :-
https://www.youtube.com/watch?v=8lR27r8Y_ik
Reference
thanks to JEFF PETTERS as i got many points from his article.
follow me
follow my twitter account for latest updates