"The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection."
Metasploit was originally created by H. D. Moore in 2003, using the Perl programming language. In 2009, the Metasploit Project was acquired by the cybersecurity company Rapid7. Before the acquisition, in 2007, the framework was completely rewritten in the Ruby programming language.
Keep updating
https://github.com/rapid7/metasploit-framework
Install/Upgrade metesploit framework on Linux
curl -k https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall \ && chmod +x msfinstall \ && ./msfinstall
Init database
db_init db_status db_connect
Get help
msfconsole -h
msf6 > search msf6 > use msf6 > msfupdate
Metasploit tips
Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search
Use the edit command to open the currently active module in your editor
On Fedora Workstation 32
[tuyen@g73jh ~]$ msfconsole
** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.
Would you like to use and setup a new database (recommended)?
Please answer yes or no.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/tuyen/.msf4/db/pg_hba.conf
Stopping database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [tuyen]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user tuyen
############################################################
## MSF Web Service Credentials ##
## ##
## Please store these credentials securely. ##
## You will need them to connect to the webservice. ##
############################################################
MSF web service username: tuyen
MSF web service password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MSF web service user API token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --cert /home/tuyen/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
** Metasploit Framework Initial Setup Complete **
=[ metasploit v6.0.9-dev- ]
+ -- --=[ 2068 exploits - 1123 auxiliary - 352 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
Metasploit tip: Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search
msf6 >
msf6 > msfupdate [*] exec: msfupdate Switching to root user to update the package [sudo] password for tuyen: Checking for and installing update.. Adding metasploit-framework to your repository list..Metasploit [=== Metasploit 12 kB/s | 3.0 kB 00:00 Package metasploit-framework-6.0.9+20201001102443~1rapid7-1.el6.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! msf6 >
Practice
https://tryhackme.com/room/ccpentesting