What is Metasploit firstly?
Well, it is a simple way to exploit vulnerable systems.
I have a few things to try and do this week. I have several Metasploit posts to complete as well as a couple on IPv6.
First… Metasploit has been around since H.D. Moore released it in 2003. It has grown immensely and an entire community has arisen to support and develop it further. It can run on:
- as well as on MacOS X
Where to start…
I would recommend starting with IronGeek’s tutorials. These are an excellent start to understanding Metasploit. They start on the web interface which I do not like as much (I am still an old fuddy and love CLIs).
Next, download a copy…
I will run through this in Windows for now… Linux later. Just:
- Goto the site:
- Click download for the platform you are using. Save the file in Windows.
- Install it in the normal way.
Windows is rather simple – just a standard installer and you are done.
I will be stepping through setting up and using Metasploit a little at a time this week. I am doing Windows this week and Linux next.
Some of the other tools that work well with Metasploit include the following:
- BiDiBLAH is an Automated Assessment Tool by SensePost. Now end of life and depreciated, but a good toy to play with and learn.
- Yeti. Early days still, but well worth watching.
- Nessus of course. Well we need a way to find what is actually vulnerable. Just network vulnerabilities really, but a start.
Tomorrow I will do a step by step install and configuration.