Metasploit

Metasploit
	Metasploit Community showing three hosts, two of which were compromised by an exploit
Original author(s)	H. D. Moore
Developer(s)	Rapid7, Inc.
Initial release	2003; 21 years ago
Stable release	6.3.36 / September 28, 2023
Repository	github.com/rapid7
Written in	Ruby
Operating system	Cross-platform
Type	Security
License	Framework: BSD, Community/Express/Pro: Proprietary
Website	www.metasploit.com

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Its best-known sub-project is the open-source^[3] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. In various operating systems it comes pre installed.

History edit

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced^[4] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added an open core proprietary edition called Metasploit Pro.^[5]

Metasploit's emerging position as the de facto exploit development framework^[6] led to the release of software vulnerability advisories often accompanied^[7] by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug.^[8]^[9] Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006.

Framework edit

The basic steps for exploiting a system using the Framework include.

Optionally checking whether the intended target system is vulnerable to an exploit.
Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and macOS systems are included).
Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work.
Choosing the encoding technique so that hexadecimal opcodes known as "bad characters" are removed from the payload, these characters will cause the exploit to fail.
Executing the exploit.

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and TCP/IP stack fingerprinting tools such as Nmap. Vulnerability scanners such as Nessus, and OpenVAS can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.^[10]

Interfaces edit

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.^[11]

Framework Edition edit

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of the Metasploit project also includes Zenmap, a well known security scanner, and a compiler for Ruby, the language in which this version of Metasploit was written. ^[11]

Pro edit

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Discontinued editions edit

Community edit

The edition was released in October 2011, and included a free, web-based user interface for Metasploit. Metasploit Community Edition was based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community was included in the main installer.

On July 18, 2019, Rapid7 announced the end-of-sale of Metasploit Community Edition.^[12] Existing users were able to continue using it until their license expired.

Express edit

The edition was released in April 2010, and was an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, It integrated nmap for discovery, and added smart brute-forcing as well as automated evidence collection.

On June 4, 2019, Rapid7 discontinued Metasploit Express Edition.^[13]

Armitage edit

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.^[14]

The latest release of Armitage was in 2015.

Cobalt Strike edit

Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work with the Metasploit Framework.^[15] Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features.^[16]

Exploits edit

Metasploit currently has over 2074 exploits, organized under the following platforms: AIX, Android, BSD, BSDi, Cisco, Firefox, FreeBSD, HP-UX, Irix, Java, JavaScript, Linux, mainframe, multi (applicable to multiple platforms), NetBSD, NetWare, nodejs, OpenBSD, macOS, PHP, Python, R, Ruby, Solaris, Unix, and Windows.

Payloads edit

Metasploit currently has over 592 payloads. Some of them are:

Command shell enables users to run collection scripts or run arbitrary commands against the host.
Meterpreter (the Metasploit Interpreter) enables users to control the screen of a device using VNC and to browse, upload and download files.
Dynamic payloads enable users to evade anti-virus defense by generating unique payloads.
Static payloads enable static IP address/port forwarding for communication between the host and the client system.

Auxiliary modules edit

The Metasploit Framework includes hundreds of auxiliary modules that can perform scanning, fuzzing, sniffing, and much more. There are three types of auxiliary modules namely scanners, admin and server modules.

Contributors edit

Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests.^[17] Submissions are reviewed by a team consisting of both Rapid7 employees and senior external contributors. The majority of contributions add new modules, such as exploits or scanners.^[18]

List of original developers:

H. D. Moore (founder and chief architect)
Matt Miller (core developer from 2004–2008)
Spoonm (core developer from 2003–2008)

References edit

^ "A Brief History of Metasploit".
^ "Tags · rapid7/Metasploit-framework". GitHub.
^ ^a ^b "3-clause BSD license". GitHub. Retrieved 2013-06-24.
^ "Rapid7 Press Release". Rapid7. Retrieved 18 February 2015.
^ "Metasploit Editions: Network Pen Testing Tool". Rapid7. Retrieved 2023-08-03.
^ "Vulnerability exploitation tools – SecTools Top Network Security Tools". Retrieved 18 February 2015.
^ Metasploit. "Metasploit". www.exploit-db.com. Retrieved 2017-01-14.
^ "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. Archived from the original on 2007-01-07.
^ "Month of Kernel Bugs – Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. Archived from the original on January 3, 2013.
^ "Penetration Testing Tool, Metasploit, Free Download - Rapid7". Rapid7. Retrieved 18 February 2015.
^ ^a ^b "Metasploit editions". rapid7.com. rapid7. Retrieved 16 February 2013.
^ "End of Sale Announced for Metasploit Community". Rapid7 Blog. 2019-07-18. Retrieved 2020-07-13.
^ "Announcement: End of Life for Metasploit Express Edition". Rapid7 Blog. 2018-06-04. Retrieved 2020-07-13.
^ "Armitage A GUI for Metasploit". Strategic Cyber LLC. Retrieved 2013-11-18.
^ "Adversary Simulation and Red Team Operations Software - Cobalt Strike". cobaltstrike.com. Retrieved 2019-01-22.
^ "Armitage vs Cobalt Hooked Strike". Strategic Cyber LLC. Retrieved 2013-11-18.
^ "rapid7/metasploit-framework". GitHub. Retrieved 2017-01-14.
^ "Contributing to Metasploit". Rapid7, Inc. Retrieved 2014-06-09.

External links edit

Official website

[1] "A Brief History of Metasploit".

[2] "Tags · rapid7/Metasploit-framework". GitHub.

[bsdlicense-3] "3-clause BSD license". GitHub. Retrieved 2013-06-24.

[:0-4] "Rapid7 Press Release". Rapid7. Retrieved 18 February 2015.

[5] "Metasploit Editions: Network Pen Testing Tool". Rapid7. Retrieved 2023-08-03.

[:1-6] "Vulnerability exploitation tools – SecTools Top Network Security Tools". Retrieved 18 February 2015.

[:2-7] Metasploit. "Metasploit". www.exploit-db.com. Retrieved 2017-01-14.

[VMwareNAT-8] "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. Archived from the original on 2007-01-07.

[MOKB-11-11-2006-9] "Month of Kernel Bugs – Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. Archived from the original on January 3, 2013.

[10] "Penetration Testing Tool, Metasploit, Free Download - Rapid7". Rapid7. Retrieved 18 February 2015.

[Metasploit_editions-11] "Metasploit editions". rapid7.com. rapid7. Retrieved 16 February 2013.

[12] "End of Sale Announced for Metasploit Community". Rapid7 Blog. 2019-07-18. Retrieved 2020-07-13.

[13] "Announcement: End of Life for Metasploit Express Edition". Rapid7 Blog. 2018-06-04. Retrieved 2020-07-13.

[14] "Armitage A GUI for Metasploit". Strategic Cyber LLC. Retrieved 2013-11-18.

[15] "Adversary Simulation and Red Team Operations Software - Cobalt Strike". cobaltstrike.com. Retrieved 2019-01-22.

[16] "Armitage vs Cobalt Hooked Strike". Strategic Cyber LLC. Retrieved 2013-11-18.

[17] "rapid7/metasploit-framework". GitHub. Retrieved 2017-01-14.

[18] "Contributing to Metasploit". Rapid7, Inc. Retrieved 2014-06-09.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]