From the course: Metasploit Essential Training
What is Metasploit?
From the course: Metasploit Essential Training
What is Metasploit?
- [Instructor] What is Metasploit? Metasploit is an open source penetration testing and security framework providing tools and exploits. The framework makes hacking simple for both attackers and defenders. Metasploit has been a favorite tool among IT and security pros since 2003. Originally written in Perl in 2003 by H.D. Moore. Metasploit was rewritten in Ruby in 2007. The Metasploit Project was then acquired by Rapid7 in 2009. Metasploit is a Ruby-based open source framework that allows testing via command line or GUI interface. It can also be extended through coding to act as an add-on that supports multiple languages. The various tools, libraries, user interfaces, and modules of Metasploit allow a user to configure an exploit module, pair with a payload, point at a target and launch at the target system. Metasploit now includes more than 1600 exploits organized over 25 platforms, including Android, PHP, Python, Java, Cisco, and more. The framework also carries nearly 500 payloads. It is popular with hackers and widely available, which reinforces the need for you, as a security professional, to become familiar with the framework even if you don't use it on a regular basis. Metasploit provides many modules. A few of the common categories are exploits. These are tools used to take advantage of system weaknesses. Payloads are sets of malicious code. Auxiliary functions are extra tools and commands to help in the process. Encoders are used to convert code or information. Listeners are used to create the link between the target and the malicious hacker. And shellcode is the code that executes once it runs on the target. There are others that enhance the overall use and control when attacking various devices. The purpose of Metasploit is to help users identify where they are most likely to face attacks by hackers and proactively mend these weaknesses before exploitation by hackers. Who is Metasploit for? Well with the wide range of applications and open source availability that Metasploit offers, the framework is used by professionals in development, security, and operations, all the way to hackers. The framework is popular with hackers and easily available, making an easy to install, reliable tool, for security professionals to become familiar with even if they don't use it on a regular basis. Metasploit comes in two flavors depending on your requirements and need. Metasploit Pro is recommended for penetration testers and IT security teams and offers a comprehensive set of advanced features. If you're simply looking for a basic command line interface and manual exploitation, then you can check out the Metasploit Framework. For the purposes of this course we will focus on using the free Metasploit Framework, which is found within many of the Linux security distributions such as CARLA Linux. The minimum operating system requirements for running Metasploit are Ubuntu Linux, version 14.04 and higher, Windows Server 2008 R2 and higher, Windows 10, as well as Windows 7 Service Pack 1 and 8, and then of course RedHat Linux Server 5.10 or later. Metasploit also supports the following browsers, Google Chrome, Mozilla Firefox, and Microsoft Edge. Now to download Metasploit, installers are built nightly for Mac OS, Windows 64 bit, and Linux. These installers include dependencies and integrate with your package manager. Linux packages are built nightly for I386, AMD64, and ARM 64, and RPM Systems. Debian and Ubuntu packages are available at metasploit.com and then the CentOS, RedHat, Fedora packages are also available at Metasploit. You can also download the latest Mac OS installer package directly from Metasploit, with the last 10 builds being archived if you need to go back to a previous version. You can download and launch the installer to install the framework along with all the dependencies. You can also download the latest Windows installer or view older builds if needed. To install you download the MSI package, adjust your antivirus if needed, to ignore the specific location, and then simply use Metasploit at that point.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.