The Metasploit Framework is a key resource for security assessors. Whether your goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just need to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works, and how to get started is the first step.
The Metasploit project was started in 2003 by HD Moore as an open source framework for developing and executing exploits. Its modular design allows developers to focus on the code unique to their objective without having to recreate components like transport methods or payloads. It has since grown to include thousands of modules for exploitation, post-exploitation attacks, scanning, encoding, and others.
In addition to exploiting known vulnerabilities, Metasploit has the functionality to do port scans, identify systems with default passwords, use credentials or hashes to run commands on remote systems, and much more. You can even set up listeners for capturing user credentials via common protocols like HTTP and SMB to be used in multi-part attacks. And if the functionality you need doesn't exist, it's very easy to write your own new modules.
Before you get to all that though, you have to understand how Metasploit works and get it up and running. We put together a one-hour webcast to help you get started. Whether you've never used Metasploit, or just need a refresher course, this video will walk you through the basic steps of understanding how things work, getting it installed, and exploiting your first vulnerability.
Watch the full recording of Introduction to Metasploit.
To go a step further, we have an additional recording designed to help you become more proficient in Metasploit: Getting Started with Metasploit.
Want professionals using Metasploit against your environment?
Our team uses Metasploit and a full arsenal of exploitation tools during penetration tests to demonstrate real-world risk. Reach out to discuss a security assessment.
Talk to Our Team