Book Image

Mastering Metasploit - Third Edition

By : Nipun Jaswal
Book Image

Mastering Metasploit - Third Edition

By: Nipun Jaswal

Overview of this book

We start by reminding you about the basic functionalities of Metasploit and its use in the most traditional ways. You’ll get to know about the basics of programming Metasploit modules as a refresher and then dive into carrying out exploitation as well building and porting exploits of various kinds in Metasploit. In the next section, you’ll develop the ability to perform testing on various services such as databases, Cloud environment, IoT, mobile, tablets, and similar more services. After this training, we jump into real-world sophisticated scenarios where performing penetration tests are a challenge. With real-life case studies, we take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit framework. By the end of the book, you will be trained specifically on time-saving techniques using Metasploit.
Table of Contents (14 chapters)

Automation using Minion script

I was randomly checking GitHub for automation scripts when I found this gem of a script. Minion is a plugin for Metasploit, and it can be very handy for quick exploitation and scans. The minion plugin for Metasploit can be downloaded from https://github.com/T-S-A/Minion.

Once you download the file, copy it to the ~/.msf4/plugins directory, and fire up msfconsole:

In the previous chapters, we saw how we can quickly load a plugin into Metasploit using the load command. Similarly, let's load the minion plugin using the load minion command, as shown in the preceding screenshot. Once loaded successfully, switch to the workspace you have been working on or perform a Nmap scan if there are no hosts in the workspace:

Because the db_nmap scan has populated a good number of results, let's see what minion options are enabled to be used:

Plenty...