"The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection."
Keep updating
https://github.com/rapid7/metasploit-framework
Install/Upgrade metesploit framework on Linux
curl -k https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall \ && chmod +x msfinstall \ && ./msfinstall
Init database
db_init db_status db_connect
Get help
msfconsole -h
msf6 > search msf6 > use msf6 > msfupdate
Metasploit tips
Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search
Use the edit command to open the currently active module in your editor
On Fedora Workstation 32
[tuyen@g73jh ~]$ msfconsole
** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.
Would you like to use and setup a new database (recommended)?
Please answer yes or no.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/tuyen/.msf4/db/pg_hba.conf
Stopping database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [tuyen]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user tuyen
############################################################
## MSF Web Service Credentials ##
## ##
## Please store these credentials securely. ##
## You will need them to connect to the webservice. ##
############################################################
MSF web service username: tuyen
MSF web service password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MSF web service user API token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --cert /home/tuyen/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443
The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account
** Metasploit Framework Initial Setup Complete **
=[ metasploit v6.0.9-dev- ]
+ -- --=[ 2068 exploits - 1123 auxiliary - 352 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
Metasploit tip: Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search
msf6 >
msf6 > msfupdate [*] exec: msfupdate Switching to root user to update the package [sudo] password for tuyen: Checking for and installing update.. Adding metasploit-framework to your repository list..Metasploit [=== Metasploit 12 kB/s | 3.0 kB 00:00 Package metasploit-framework-6.0.9+20201001102443~1rapid7-1.el6.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! msf6 >
Practice
https://tryhackme.com/room/ccpentesting