2. What is Metasploit?
• Metasploit is an open-source computer security project.
• A Penetration testing platform that enables you to find,
exploit, and validate vulnerabilities.
• It is not a single tool; it is a framework.
• It is used for developing and executing exploit code
against the remote target.
• We can exploit most of the vulnerabilities that exist in
a software.
2
3. Metasploit History
• It was developed by a security
researcher HD Moore in October
2003.
• He used Perl scripting language to
develop it.
• Gained high popularity in security
field and was rewritten
in Ruby programming language.
• In 2009 Metasploit was acquired
by a Security firm called Rapid7.
4. Metasploit Platform
4
• The platform includes the
Metasploit Pro
(commercial) and Metasploit
Framework (open-source).
5. Metasploit Architecture
5
• Libraries:
1. Rex: It is the primary library for
performing most tasks. It
handles sockets and different
types of protocols.
2. MSF Core: It Provides the basic
API. Defines the Metasploit
framework.
3. MSF Base: It provides a friendly
API. Provides simplified APIs for
use in the framework Source: https://www.varonis.com/blog/what-is-metasploit
6. Metasploit Architecture (Cont.)
6
• Modules:
1. Payload: A payload is a piece of code
that runs in the target system remotely.
2. Exploit: Exploit is a piece of software,
chunk of data, or a sequence of code
that takes the advantage of a bug or
vulnerability.
3. Auxiliary modules: This module is used
for scanning, fuzzing, and doing various
tasks.
4. Encoder: A program that encodes our
payloads to avoid antivirus detection.
5. Nops: Instruction to keep the payload
from crashing.
Source: https://www.varonis.com/blog/what-is-metasploit