5.3 : Auto scanning tools - Metasploit (Part VII)

Background

• the most advanced exploit tester in 2019
• easy to use, ready to run ~2k exploits upon install

Installation

instead of using traditional setup, we use docker

# pull from offical git
git clone https://github.com/rapid7/metasploit-framework.git .


docker-compose -d up
./docker/bin/msfconsole #enter console
./docker/bin/msfupdate  #update exploit database

Basic usage

search for exploit

search $KEYWORDS

load exploit

use $EXPLOIT_NAME

config exploit

show options
...

set $OPTION_KEY $OPTION_VALUE

execute exploit

exploit

revert to console

back

Basic tutorial