Metasploit is the most widely used open source tool for pentesting. It was first developed by HD Moore in 2001 in Perl; later, it was completely rewritten in Ruby and then it was acquired by Rapid7.
Metasploit contains a collection of exploits, payloads, and encoders, which can be used to identify and exploit vulnerabilities during a pentest project. In this chapter, we will cover a few recipes that will enable the use of the Metasploit Framework (MSF) more efficiently.
The following steps demonstrate the use of MSF:
- Start the MSF by typing the following command:
msfconsole
The following screenshot shows the output of the preceding command:
- To search for an exploit, we type this:
search exploit_name
The following screenshot shows the output of the preceding command:
- To use an exploit, we type this:
use exploits/path/to/exploit
The following screenshot shows the output of the preceding command:
- Next, we look at the options by typing the following:
show options
- Here, we will...