Metasploit - Intro

Introduction

Metasploit is a widely used penetration testing framework that helps security professionals identify and exploit vulnerabilities in computer systems. It consists of a database of known vulnerabilities, and tools scripts for exploiting them.

Components of Metasploit

Modules

They are the building blocks of Metasploit, including exploits, payloads, auxiliary functions, encoders, and post-exploitation tools.

Auxiliary modules

These are the tools that help in reconnaissance, scanning, and other tasks not directly related to exploitation.

Exploits

Exploits include codes that takes advantage of a vulnerability in a system or application.

Payloads

Payloads include pieces of code that run on the target system after exploiting a vulnerability (e.g., shellcode).

Encoders

Encoders are used to obfuscate payloads to evade detection by security mechanisms.

Evasion

It helps payloads avoid detection by IDS and firewall and bypass them.

NOPs

They are the no-operation instructions used to pad payloads to the correct size.

Post

It is used after successful exploitation of target machine. It allows penetration testers to maintain control ans gather information from compromised systems.