Metasploit Framework is built upon a modular architecture, which allows users to access and leverage a wide range of pre-built modules to perform various security testing and exploitation tasks. These modules cover a diverse set of functionalities, including exploits, payloads, auxiliary tools, and post-exploitation capabilities.
To view the available modules in the Metasploit Framework, you can use the show modules
command in the Metasploit console. This will display a list of all the modules organized by their respective categories, such as exploits, payloads, auxiliary, and post-exploitation.
msf6 > show modules
Selecting and Configuring Modules
To use a specific module, you can select it using the use
command, followed by the module's path. For example, to select the exploit/windows/smb/ms17_010_eternalblue
module, you would enter:
msf6 > use exploit/windows/smb/ms17_010_eternalblue
Once a module is selected, you can view its available options using the show options
command and set the required options using the set
command. For instance, to set the RHOSTS
(remote hosts) option for the eternalblue
module:
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.1.100
RHOSTS => 192.168.1.100
After configuring the module's options, you can execute the module using the run
or exploit
command. This will initiate the selected module's functionality, such as launching an exploit or performing a specific security test.
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit
By understanding how to explore, select, configure, and execute Metasploit modules, users can leverage the framework's extensive capabilities to conduct comprehensive security assessments, identify vulnerabilities, and gain access to target systems.