Metasploit is an open sourced penetration test tool, written with Ruby language. Developed for security tests, Metasploit has a practical interface and contains of over 1500 exploits. Also includes lots of parameters and modules for easier use of all the tools inside it.
This form of Metasploit allows the user to build their own strategy. With this, the user can easily, fast and more functionally do their operations. This is one of the most important features of Metasploit.
Then, can we use all of the exploits with Metasploit? The answer is no, we can’t. To be able to use an exploit in Metasploit, the exploit has to be properly coded for Metasploit.
Let’s say this as well, Metasploit doesn’t only include exploits. It also includes auxiliary, post, payload, encoder and nop. But what are these?
Auxiliary: Used to get information from the opposite system before exploiting.
Payload: Modules to help do operations on the opposite system after exploiting.
Encoder: Modules to bypass softwares like Antiviruses.
Nop: Bits that fill memory to learn where the memory is stored. Mostly used to bypass operations like attack detection and blocking.
Let’s also talk about Metasploit’s unique file system.
1- Datas: Datas are used by Metasploit and can be changed by it.
2- Lib: The library of the Framework.
3- Plugins: Plugins that can work automatically and works by using all the features of the Framework.
4- Tools: Tools that work on command prompts. sorting out things depending on their place and work.
5- External: Source codes for 3rd party programs and external sources.
6- Documentation: Documents to send information to the Framework.
7- Modules: Normal modules.
8- Scripts: Advanced scripts like Meterpreter.
The examples can be expanded. As you can see the structure of Metasploit works systematically. To understand all of these terms properly, you’ll need to use them. You can build your own strategies like that.
Note: Quotations has been made from the Turkish book called “Metasploit and Penetration Tests”