Security Analyst @ Capgemini
Not Just a Tool
An Entire Framework for Automating various tasks for Penetration Testing / Attacking
Exploits - Modules used for actually attacking the systems and grabbing the access.
Auxiliary - Exploit without payload. Used for scanning,Fuzzing & doing various tasks.
Payloads - A piece of code which executes on remote system after successful exploitation.
Encoders - Program which encodes our payload to avoid antivirus detection.
Nops - Used to keep payload size consistent.
Note: Metasploit Community & Pro Editions are removed from Kali
Why should I use it?
I don't know how to keep track of all my works?
I get confused with Metasploit while working with multiple projects?
I want to import & export results and keep it organized?
Metasploit keeps track of everything you have done to the target network within its database.
Useful to Organize our works in the form of workspaces.
Kali Linux 2.0
Available columns: address, arch, comm, comments, created_at, info, mac, name, note_count, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count
Available columns: created_at, info, name, port, proto, state, updated_at
The ‘creds’ command is used to manage found and used credentials for targets in our database. Running this command without any options will display currently saved credentials.
In the event of a successful hash dump, this information will be stored in our database. We can view this dumps using the ‘loot’ command.