Metasploit modules are individual components within the Metasploit Framework that perform specific tasks related to penetration testing and security assessments. Each module is designed to exploit vulnerabilities, gather information, or perform post-exploitation tasks.
Types of Metasploit Modules:
-
Exploits: Code that takes advantage of vulnerabilities in software or systems to gain unauthorized access or control.
- Example:
exploit/windows/smb/ms17_010_eternalblue
- Example:
-
Payloads: Code that runs on the target system after a successful exploit. Payloads can provide a command shell, Meterpreter session, or other functionalities.
- Example:
payload/windows/meterpreter/reverse_tcp
- Example:
-
Auxiliary Modules: Tools that perform various tasks, such as scanning, fuzzing, or denial of service attacks, without exploiting a vulnerability.
- Example:
auxiliary/scanner/portscan/tcp
- Example:
-
Post-Exploitation Modules: Used after gaining access to a system to perform tasks like gathering information, escalating privileges, or maintaining access.
- Example:
post/windows/gather/enum_logged_on_users
- Example:
-
Encoders: Modules that encode payloads to evade detection by security systems.
Each module has specific options and configurations that can be set before execution. If you have more questions about using modules or specific types, feel free to ask!
