"The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection."
Metasploit was originally created by H. D. Moore in 2003, using the Perl programming language. In 2009, the Metasploit Project was acquired by the cybersecurity company Rapid7. Before the acquisition, in 2007, the framework was completely rewritten in the Ruby programming language.
Keep updating
https://github.com/rapid7/metasploit-framework
Install/Upgrade metesploit framework on Linux
curl -k https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall \ && chmod +x msfinstall \ && ./msfinstall
Init database
db_init db_status db_connect
Get help
msfconsole -h
msf6 > search msf6 > use msf6 > msfupdate
Metasploit tips
Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search
Use the edit command to open the currently active module in your editor
On Fedora Workstation 32
[tuyen@g73jh ~]$ msfconsole ** Welcome to Metasploit Framework Initial Setup ** Please answer a few questions to get started. Would you like to use and setup a new database (recommended)? Please answer yes or no. Would you like to use and setup a new database (recommended)? yes Creating database at /home/tuyen/.msf4/db Starting database at /home/tuyen/.msf4/db...success Creating database users Writing client authentication configuration file /home/tuyen/.msf4/db/pg_hba.conf Stopping database at /home/tuyen/.msf4/db Starting database at /home/tuyen/.msf4/db...success Creating initial database schema [?] Initial MSF web service account username? [tuyen]: [?] Initial MSF web service account password? (Leave blank for random password): Generating SSL key and certificate for MSF web service Attempting to start MSF web service...success MSF web service started and online Creating MSF web service user tuyen ############################################################ ## MSF Web Service Credentials ## ## ## ## Please store these credentials securely. ## ## You will need them to connect to the webservice. ## ############################################################ MSF web service username: tuyen MSF web service password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx MSF web service user API token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx MSF web service configuration complete The web service has been configured as your default data service in msfconsole with the name "local-https-data-service" If needed, manually reconnect to the data service in msfconsole using the command: db_connect --token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --cert /home/tuyen/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443 The username and password are credentials for the API account: https://localhost:5443/api/v1/auth/account ** Metasploit Framework Initial Setup Complete ** =[ metasploit v6.0.9-dev- ] + -- --=[ 2068 exploits - 1123 auxiliary - 352 post ] + -- --=[ 592 payloads - 45 encoders - 10 nops ] + -- --=[ 7 evasion ] Metasploit tip: Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search msf6 >
msf6 > msfupdate [*] exec: msfupdate Switching to root user to update the package [sudo] password for tuyen: Checking for and installing update.. Adding metasploit-framework to your repository list..Metasploit [=== Metasploit 12 kB/s | 3.0 kB 00:00 Package metasploit-framework-6.0.9+20201001102443~1rapid7-1.el6.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! msf6 >
Practice
https://tryhackme.com/room/ccpentesting