Metasploit Toolkit: For Penetration Testing, Exploit Development, and Vulnerability Research

Chapter 5: Adding New Payloads

Introduction: Why Should You Care about Metasploit?

Metasploit is a very robust tool with a great deal of functionality. Its biggest benefit is that it is open source, so users can extend it any way they want. This means a security tester in a large company with many custom-written applications can develop their own exploits and payloads to target their internal applications. Adding new payloads is not just beneficial to internal testing, however. If a researcher develops a new type of attack, a custom payload can help make the most of that attack, and a framework that supports adding payloads quickly has the obvious advantages of code reuse and quick development. In addition, some of the new payloads and added functionality are not just for exploits: they can serve other kinds of useful security testing, such as Voice over IP, scanning networks for different problems, or even wireless testing.

Types of Payloads

The days when a payload was just specific code that executes a desired task are over. Metasploit can support a variety of new functionality besides simple exploitation. Payloads can be designed to be used independently, or they can be the second stage of an exploit. There are two basic types: exploit payloads and auxiliary payloads.

The exploit payloads reside in the modules/payloads directory in the Metasploit home. This is the arbitrary code used after an exploit gains the capability to execute code. This code will do everything from add a...
