TABLE OF CONTENTS In 2003, a new security tool called the Metasploit Framework (MSF) was released to the public. This tool was the first open-source, freely available exploit development framework, and rapidly grew to be one of the security community's most popular tools. The solid reputation of the framework is due to the efforts of the core development team and the external contributors, whose hard work resulted in over 100 dependable exploits against many of the most popular operating systems and applications. Released under a combined Gnu's Not Unix (GNU) Gnu's Not Unix (GPL) and artistic license, the MSF continues to add new exploits and cutting edge security features with every release.
This chapter discusses how to use the MSF as an exploitation platform. The first section covers msfweb, a simple point-and-click interface to the MSF exploitation engine. The next section covers msfconsole, the most powerful and flexible of the three available interfaces. The final section covers msfcli, a command-line interface (CLI) to the framework. As the various interfaces are covered, each of the advanced MSF features is discussed in detail.
This chapter demonstrates all of the features offered by the MSF as an exploitation platform; therefore, readers should have a basic understanding of exploits. To help get the most out of this chapter, download a free copy of the MSF ( www.metasploit.com).
The MSF is written in the Perl scripting language and can be run on almost any UNIX-like platform, including the Cygwin
