Ethical Hacking Week 11: Metasploit


Metasploit Framework is a Ruby-based penetration testing platform that enables you to write, test, and execute exploit code. The framework contains a whole toolkit that you can use to test vulnerabilities, enumerate networks, execute attacks, and evade detection.

MSFconsole is the most commonly used interface to the Metasploit Framework. From the console you can run commands, scan targets, and exploit vulnerabilities using exploit modules and payloads.

Modules are the core components of the Metasploit Framework. A module is a piece of software that can perform a specific action, such as scanning or exploiting. Each task that you can perform with the Metasploit Framework is defined within a module.

The framework defines several module types, each used for a different purpose.

    • Exploit: executes a sequence of commands to target a specific vulnerability found in a system or application. Exploit modules include buffer overflow, code injection, and web application exploits.
    • Auxiliary: an auxiliary module does not execute a payload. It can be used to perform arbitrary actions. Examples include scanners, fuzzers, and denial of service attacks.
    • Post-Exploitation: a post-exploitation module enables you to gather more information or to gain further access to an exploited target system. Examples of post-exploitation modules include hash dumps and application and service enumerators.
    • Payload: a payload is the shellcode that runs after an exploit successfully compromises a system. The payload enables you to define how you want to connect to the shell and what you want to do to the target system after you take control of it. A payload can open a Meterpreter or command shell. Meterpreter is an advanced payload that allows you to write DLL files to dynamically create new features as you need them.
    • NOP: a NOP generator produces a series of random bytes that you can use to bypass standard IDS and IPS NOP sled signatures. Use NOP generators to pad buffers.
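
The NOP item above explains why fixed NOP sled signatures are unreliable. The following is an added example, not Metasploit code and not from the original page: it compares a literal 0x90-run signature with a run-length heuristic over one-byte NOP-like instructions. The `NOP_LIKE` opcode set, the function names, the 16-byte threshold and all sample buffers are assumptions constructed for illustration.

```ruby
# Assumption: a small, non-exhaustive set of one-byte 32-bit x86 instructions
# that take no operands and can stand in for 0x90 as padding.
NOP_LIKE = (
  [0x90] +                               # nop
  (0x40..0x4f).to_a +                    # inc/dec r32
  (0x91..0x97).to_a +                    # xchg eax, r32
  [0x98, 0x99, 0xf5, 0xf8, 0xf9, 0xfc]   # cwde, cdq, cmc, clc, stc, cld
).freeze

# Classic signature: at least min_len consecutive literal 0x90 bytes.
def classic_sled?(data, min_len = 16)
  run = 0
  data.each_byte do |b|
    run = b == 0x90 ? run + 1 : 0
    return true if run >= min_len
  end
  false
end

# Heuristic: longest run of bytes drawn from NOP_LIKE, as [offset, length].
def longest_nop_like_run(data)
  best = [0, 0]
  start = nil
  data.each_byte.with_index do |b, i|
    if NOP_LIKE.include?(b)
      start ||= i
      len = i - start + 1
      best = [start, len] if len > best[1]
    else
      start = nil
    end
  end
  best
end

def varied_sled?(data, min_len = 16)
  longest_nop_like_run(data)[1] >= min_len
end

# Constructed sample buffers (0xcc stands in for whatever follows the padding).
CLASSIC = ([0x90] * 32 + [0xcc, 0xcc]).pack('C*')
MIXED   = [0x41, 0x92, 0x4b, 0xf8, 0x99, 0x43, 0x90, 0x4a]
VARIED  = ([0x00, 0x01] + MIXED * 3 + [0xcc]).pack('C*')
BENIGN  = "GET /index.html HTTP/1.1\r\n".b

if __FILE__ == $PROGRAM_NAME
  { 'classic' => CLASSIC, 'varied' => VARIED, 'benign' => BENIGN }.each do |name, buf|
    puts format('%-8s classic=%-5s heuristic=%-5s run=%p', name,
                classic_sled?(buf), varied_sled?(buf), longest_nop_like_run(buf))
  end
end
```

Because 0x40 to 0x4f are also the ASCII characters `@` and `A` through `O`, the heuristic flags long runs of those letters in ordinary text, so the threshold and protocol context need tuning before it is used for alerting.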