Metasploit

Metasploit
	Metasploit Community showing three hosts, two of which were compromised by an exploit
Original author(s)	H. D. Moore
Developer(s)	Rapid7, Inc.
Initial release	2003;21 years ago
Stable release	6.3.36 / September 28, 2023
Repository	github.com/rapid7
Written in	Ruby
Operating system	Cross-platform
Type	Security
License	Framework: BSD, Community/Express/Pro: Proprietary
Website	www.metasploit.com

Last updated January 27, 2024

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

History

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced^[4] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added an open core proprietary edition called Metasploit Pro.^[5]

Metasploit's emerging position as the de facto exploit development framework^[6] led to the release of software vulnerability advisories often accompanied^[7] by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug.^[8]^[9] Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006.

Framework

The basic steps for exploiting a system using the Framework include.

Optionally checking whether the intended target system is vulnerable to an exploit.
Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and macOS systems are included).
Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work.
Choosing the encoding technique so that hexadecimal opcodes known as "bad characters" are removed from the payload, these characters will cause the exploit to fail.
Executing the exploit.

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and TCP/IP stack fingerprinting tools such as Nmap. Vulnerability scanners such as Nessus, and OpenVAS can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.^[10]

Interfaces

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.^[11]

Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of the Metasploit project also includes Zenmap, a well known security scanner, and a compiler for Ruby, the language in which this version of Metasploit was written. ^[11]

Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Discontinued editions

Community

The edition was released in October 2011, and included a free, web-based user interface for Metasploit. Metasploit Community Edition was based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community was included in the main installer.

On July 18, 2019, Rapid7 announced the end-of-sale of Metasploit Community Edition.^[12] Existing users were able to continue using it until their license expired.

Express

The edition was released in April 2010, and was an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, It integrated nmap for discovery, and added smart brute-forcing as well as automated evidence collection.

On June 4, 2019, Rapid7 discontinued Metasploit Express Edition.^[13]

Armitage

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.^[14]

The latest release of Armitage was in 2015.

Cobalt Strike

Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work with the Metasploit Framework.^[15] Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features.^[16]

Exploits

Metasploit currently has over 2074 exploits, organized under the following platforms: AIX, Android, BSD, BSDi, Cisco, Firefox, FreeBSD, HP-UX, Irix, Java, JavaScript, Linux, mainframe, multi (applicable to multiple platforms), NetBSD, NetWare, nodejs, OpenBSD, macOS, PHP, Python, R, Ruby, Solaris, Unix, and Windows.

Payloads

Metasploit currently has over 592 payloads. Some of them are:

Command shell enables users to run collection scripts or run arbitrary commands against the host.
Meterpreter (the Metasploit Interpreter) enables users to control the screen of a device using VNC and to browse, upload and download files.
Dynamic payloads enable users to evade anti-virus defense by generating unique payloads.
Static payloads enable static IP address/port forwarding for communication between the host and the client system.

Auxiliary modules

The Metasploit Framework includes hundreds of auxiliary modules that can perform scanning, fuzzing, sniffing, and much more. There are three types of auxiliary modules namely scanners, admin and server modules.

Contributors

Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests.^[17] Submissions are reviewed by a team consisting of both Rapid7 employees and senior external contributors. The majority of contributions add new modules, such as exploits or scanners.^[18]

List of original developers:

H. D. Moore (founder and chief architect)
Matt Miller (core developer from 2004–2008)
Spoonm (core developer from 2003–2008)

Related Research Articles

In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.

In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack. In lay terms, some exploit is akin to a 'hack'.

<span class="mw-page-title-main">Nmap</span> Network scanner

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

A penetration test, colloquially known as a pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

TESO was a hacker group, which originated in Austria. It was active from 1998 to 2004, and during its peak around 2000, it was responsible for a significant share of the exploits on the bugtraq mailing list.

BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.

SAINT is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.

w3af Open-source web application security scanner

w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.

<span class="mw-page-title-main">H. D. Moore</span> American businessman

H. D. Moore is a network security expert, open source programmer, and hacker. He is the founder of the Metasploit Project and was the main developer of the Metasploit Framework, a penetration testing software suite.

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for: shared sessions, data, and communication through a single Metasploit instance. Armitage is written and supported by Raphael Mudge.

<span class="mw-page-title-main">Heartbleed</span> Security bug in OpenSSL

Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed.

<span class="mw-page-title-main">Radare2</span>

Radare2 is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.

Rafay Baloch is a Pakistani ethical hacker and security researcher known for his discovery of vulnerabilities on the Android operating system. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, and The Express Tribune. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award.

ZMap is a free and open-source security scanner that was developed as a faster alternative to Nmap. ZMap was designed for information security research and can be used for both white hat and black hat purposes. The tool is able to discover vulnerabilities and their impact, and detect affected IoT devices.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.

References

↑ "A Brief History of Metasploit".
↑ "Tags · rapid7/Metasploit-framework". GitHub .
1 2 "3-clause BSD license". GitHub . Retrieved 2013-06-24.
↑ "Rapid7 Press Release". Rapid7. Retrieved 18 February 2015.
↑ "Metasploit Editions: Network Pen Testing Tool". Rapid7. Retrieved 2023-08-03.
↑ "Vulnerability exploitation tools – SecTools Top Network Security Tools" . Retrieved 18 February 2015.
↑ Metasploit. "Metasploit". www.exploit-db.com. Retrieved 2017-01-14.
↑ "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. Archived from the original on 2007-01-07.
↑ "Month of Kernel Bugs – Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. Archived from the original on January 3, 2013.
↑ "Penetration Testing Tool, Metasploit, Free Download - Rapid7". Rapid7. Retrieved 18 February 2015.
1 2 "Metasploit editions". rapid7.com. rapid7. Retrieved 16 February 2013.
↑ "End of Sale Announced for Metasploit Community". Rapid7 Blog. 2019-07-18. Retrieved 2020-07-13.
↑ "Announcement: End of Life for Metasploit Express Edition". Rapid7 Blog. 2018-06-04. Retrieved 2020-07-13.
↑ "Armitage A GUI for Metasploit". Strategic Cyber LLC. Retrieved 2013-11-18.
↑ "Adversary Simulation and Red Team Operations Software - Cobalt Strike". cobaltstrike.com. Retrieved 2019-01-22.
↑ "Armitage vs Cobalt Hooked Strike". Strategic Cyber LLC. Retrieved 2013-11-18.
↑ "rapid7/metasploit-framework". GitHub. Retrieved 2017-01-14.
↑ "Contributing to Metasploit". Rapid7, Inc. Retrieved 2014-06-09.

External links

Official website

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "A Brief History of Metasploit".

[2] "Tags · rapid7/Metasploit-framework". GitHub .

[bsdlicense-3] 1 2 "3-clause BSD license". GitHub . Retrieved 2013-06-24.

[:0-4] "Rapid7 Press Release". Rapid7. Retrieved 18 February 2015.

[5] "Metasploit Editions: Network Pen Testing Tool". Rapid7. Retrieved 2023-08-03.

[:1-6] "Vulnerability exploitation tools – SecTools Top Network Security Tools" . Retrieved 18 February 2015.

[:2-7] Metasploit. "Metasploit". www.exploit-db.com. Retrieved 2017-01-14.

[VMwareNAT-8] "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. Archived from the original on 2007-01-07.

[MOKB-11-11-2006-9] "Month of Kernel Bugs – Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. Archived from the original on January 3, 2013.

[10] "Penetration Testing Tool, Metasploit, Free Download - Rapid7". Rapid7. Retrieved 18 February 2015.

[Metasploit_editions-11] 1 2 "Metasploit editions". rapid7.com. rapid7. Retrieved 16 February 2013.

[12] "End of Sale Announced for Metasploit Community". Rapid7 Blog. 2019-07-18. Retrieved 2020-07-13.

[13] "Announcement: End of Life for Metasploit Express Edition". Rapid7 Blog. 2018-06-04. Retrieved 2020-07-13.

[14] "Armitage A GUI for Metasploit". Strategic Cyber LLC. Retrieved 2013-11-18.

[15] "Adversary Simulation and Red Team Operations Software - Cobalt Strike". cobaltstrike.com. Retrieved 2019-01-22.

[16] "Armitage vs Cobalt Hooked Strike". Strategic Cyber LLC. Retrieved 2013-11-18.

[17] "rapid7/metasploit-framework". GitHub. Retrieved 2017-01-14.

[18] "Contributing to Metasploit". Rapid7, Inc. Retrieved 2014-06-09.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]