The Metasploit Project is a

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...

project that provides information about security vulnerabilities and aids in

penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. ...

and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

Metasploit Framework, a tool for developing and executing

exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: * Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploita ...

code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the

Kali Linux Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux has around 600 penetration-testing programs (tools), including Armitage (a g ...

operating system.

History

Metasploit was created by

H. D. Moore H. D. Moore is a network security expert, open source programmer, and hacker. He is a developer of the Metasploit Framework, a penetration testing software suite, and the founder of the Metasploit Project. He served as chief research officer at B ...

in 2003 as a portable network tool using

Perl Perl is a family of two High-level programming language, high-level, General-purpose programming language, general-purpose, Interpreter (computing), interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it ...

. By 2007, the Metasploit Framework had been completely rewritten in

Ruby A ruby is a pinkish red to blood-red colored gemstone, a variety of the mineral corundum (aluminium oxide). Ruby is one of the most popular traditional jewelry gems and is very durable. Other varieties of gem-quality corundum are called sapp ...

. On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions. Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two

open core The open-core model is a business model for the monetization of commercially produced open-source software. Coined by Andrew Lampitt in 2008, the open-core model primarily involves offering a "core" or feature-limited version of a software pr ...

proprietary editions called Metasploit Express and Metasploit Pro. Metasploit's emerging position as the

de facto ''De facto'' ( ; , "in fact") describes practices that exist in reality, whether or not they are officially recognized by laws or other formal norms. It is commonly used to refer to what happens in practice, in contrast with '' de jure'' ("by l ...

exploit development framework led to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug. Metasploit 3.0 began to include

fuzzing In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exception ...

tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the

lorcon lorcon (acronym for ''Loss Of Radio CONnectivity'') is an open source network tool. It is a library for injecting 802.11 (WLAN) frames, capable of injecting via multiple driver frameworks, without the need to change the application code. Lorcon is ...

wireless (802.11) toolset into Metasploit 3.0 in November 2006.

Metasploit Framework

The basic steps for exploiting a system using the Framework include. # Optionally checking whether the intended target system is vulnerable to an exploit. # Choosing and configuring an ''exploit'' (code that enters a target system by taking advantage of one of its

bugs Bugs may refer to: * Plural of bug Arts, entertainment and media Fictional characters * Bugs Bunny, a character * Bugs Meany, a character in the ''Encyclopedia Brown'' books Films * ''Bugs'' (2003 film), a science-fiction-horror film * ''Bugs ...

; about 900 different exploits for

Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...

Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...

and

macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...

systems are included). # Choosing and configuring a ''

payload Payload is the object or the entity which is being carried by an aircraft or launch vehicle. Sometimes payload also refers to the carrying capacity of an aircraft or launch vehicle, usually measured in terms of weight. Depending on the nature of ...

'' (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work. # Choosing the encoding technique so that hexadecimal opcodes known as "bad characters" are removed from the payload, these characters will cause the exploit to fail. # Executing the exploit. This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers. Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages. To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with

port scanning A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host a ...

and TCP/IP stack fingerprinting tools such as

Nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap prov ...

Vulnerability scanner A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detecti ...

s such as Nessus, and

OpenVAS OpenVAS (''Open Vulnerability Assessment System'', originally known as ''GNessUs'') is the scanner component of Greenbone Vulnerability Manager (GVM), a software framework of several services and tools offering vulnerability scanning and vulnerab ...

can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.

Metasploit interfaces

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.

Metasploit Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of the Metasploit project also includes Zenmap, a well known security scanner, and a compiler for Ruby, the language in which this version of Metasploit was written.

Metasploit Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing

social engineering Social engineering may refer to: * Social engineering (political science), a means of influencing particular attitudes and social behaviors on a large scale * Social engineering (security), obtaining confidential information by manipulating and/or ...

campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Discontinued editions of Metasploit

Metasploit Community Edition

The edition was released in October 2011, and included a free, web-based user interface for Metasploit. Metasploit Community Edition was based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community was included in the main installer. On July 18, 2019, Rapid7 announced the end-of-sale of Metasploit Community Edition. Existing users were able to continue using it until their license expired.

Metasploit Express Edition

The edition was released in April 2010, and was an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, It integrated nmap for discovery, and added smart brute-forcing as well as automated evidence collection. On June 4, 2019, Rapid7 discontinued Metasploit Express Edition.

Armitage

Armitage Armitage is a village in Staffordshire, England on the south side of the Trent and Mersey Canal south just outside of the market town of Rugeley and north of the city of Lichfield, and noteworthy for the Armitage Shanks sanitary porcelain fact ...

is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a

free and open source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

network security Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves th ...

tool notable for its contributions to

red team A red team or team red are a group that plays the role of an enemy or competitor to provide security feedback from that perspective. Red teams are used in many fields, especially in cybersecurity, airport security, law enforcement, the military ...

collaboration allowing for shared sessions, data, and communication through a single Metasploit instance. Armitage latest release was at 2015.

Cobalt Strike

Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work with the Metasploit Framework. Cobalt Strike includes all features of

and adds post-exploitation tools, in addition to report generation features.

Exploits

Metasploit currently has over 2074 exploits, organized under the following platforms: AIX,

Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Bugdroid, a Google mascot sometimes referred to ...

, BSD, BSDi,

Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational corporation, multinational digital communications technology conglomerate (company), conglomerate corporation headquartered in San Jose, California. Cisco develo ...

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

HP-UX HP-UX (from "Hewlett Packard Unix") is Hewlett Packard Enterprise's proprietary implementation of the Unix operating system, based on Unix System V (initially System III) and first released in 1984. Current versions support HPE Integrit ...

Irix IRIX ( ) is a discontinued operating system developed by Silicon Graphics (SGI) to run on the company's proprietary MIPS workstations and servers. It is based on UNIX System V with BSD extensions. In IRIX, SGI originated the XFS file system ...

Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mo ...

JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...

mainframe A mainframe computer, informally called a mainframe or big iron, is a computer used primarily by large organizations for critical applications like bulk data processing for tasks such as censuses, industry and consumer statistics, enterpris ...

, multi (applicable to multiple platforms),

NetBSD NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is a ...

NetWare NetWare is a discontinued computer network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, using the IPX network protocol. The original NetWare product i ...

, nodejs,

OpenBSD OpenBSD is a security-focused operating system, security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking N ...

PHP PHP is a General-purpose programming language, general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementati ...

, Python, R,

, Solaris,

, and

Payloads

Metasploit currently has over 592 payloads. Some of them are: * Command shell enables users to run collection scripts or run arbitrary commands against the host. * Meterpreter (the Metasploit Interpreter) enables users to control the screen of a device using VNC and to browse, upload and download files. * Dynamic payloads enable users to evade anti-virus defense by generating unique payloads. * Static payloads enable static IP address/port forwarding for communication between the host and the client system.

Auxiliary Modules

The Metasploit Framework includes hundreds of auxiliary modules that can perform scanning, fuzzing, sniffing, and much more. There are three types of auxiliary modules namely scanners, admin and server modules.

Contributors

Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests. Submissions are reviewed by a team consisting of both Rapid7 employees and senior external contributors. The majority of contributions add new modules, such as exploits or scanners. List of original developers: *

(founder and chief architect) * Matt Miller (core developer from 2004–2008) * Spoonm (core developer from 2003–2008)

References

External links

* {{Official website, https://www.metasploit.com Anti-forensic software Security testing tools Cryptographic attacks Free and open-source software organizations Cross-platform free software Free security software Free software programmed in Ruby Injection exploits Software testing Web security exploits Windows security software MacOS security software Unix network-related software Pentesting software toolkits Software using the BSD license