Metasploit

Metasploit
Original author(s) H. D. Moore
Developer(s) Rapid7, Inc.
Initial release 2003; 21 years ago [1]
Stable release 6.3.36 [2] / September 28, 2023
Repository github.com/rapid7
Written in Ruby
Operating system Cross-platform
Type Security
License Framework: BSD, [3] Community/Express/Pro: Proprietary
Website www.metasploit.com

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.


Its best-known sub-project is the open-source [3] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. It comes pre-installed in several operating systems.

History

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced [4] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added an open core proprietary edition called Metasploit Pro. [5]

Metasploit's emerging position as the de facto exploit development framework [6] led to the release of software vulnerability advisories often accompanied [7] by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug. [8] [9] Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006.

Framework

The basic steps for exploiting a system using the Framework include:

  1. Optionally checking whether the intended target system is vulnerable to an exploit.
  2. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and macOS systems are included).
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work.
  4. Choosing an encoding technique that removes byte values (hexadecimal opcodes) known as "bad characters" from the payload; if left in, these bytes will cause the exploit to fail.
  5. Executing the exploit.
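The reason step 4 exists is that the delivery channel (a string copy, a text protocol, a parser) may truncate or mangle certain byte values, so a payload has to be checked against the target's bad-character list before it is used. The following is an added example, not code from the Metasploit Framework: it parses a bad-character list written in the common `\x00\x0a\x0d` escaped-hex notation (an assumed input format), reports the offset and value of every offending byte in a buffer, and summarises which values occur, the kind of check a module reviewer or a student learning why encoders exist would run. The buffer and list below are constructed sample data, not a real payload.

```ruby
# Added example (not Metasploit's own code): bad-character validation of a
# byte buffer, as in step 4 above. The '\x00\x0a\x0d' list notation is an
# assumption about the input format, not something taken from the Framework.

# Parse a list written as "\x00\x0a\x0d" into unique integer byte values.
# Only two-digit hex escapes are accepted; anything else is ignored.
def parse_badchars(spec)
  spec.scan(/\\x([0-9a-fA-F]{2})/).flatten.map { |h| h.to_i(16) }.uniq
end

# Offsets of every byte in +buf+ whose value is in +badchars+.
# An empty result means the buffer survives a channel that rejects those bytes.
def bad_char_offsets(buf, badchars)
  lookup = badchars.to_h { |b| [b, true] }
  buf.bytes.each_with_index.select { |byte, _| lookup[byte] }.map { |_, idx| idx }
end

def badchars_free?(buf, badchars)
  bad_char_offsets(buf, badchars).empty?
end

# Human-readable report, one line per hit, e.g. "offset 3: 0x0a".
def report(buf, badchars)
  bad_char_offsets(buf, badchars).map do |i|
    format("offset %d: 0x%02x", i, buf.getbyte(i))
  end
end

# Count how often each offending value appears: value => count.
# Useful for deciding whether a single byte is the problem or many are.
def summary(buf, badchars)
  bad_char_offsets(buf, badchars).map { |i| buf.getbyte(i) }.tally
end

BADCHARS = parse_badchars('\x00\x0a\x0d')   # constructed list: NUL, LF, CR
SAMPLE   = "ABC\x0aDE\x00F".b                # constructed buffer, not a real payload

if __FILE__ == $PROGRAM_NAME
  puts report(SAMPLE, BADCHARS)
  puts "clean: #{badchars_free?(SAMPLE, BADCHARS)}"
end
```

`String#b` forces a binary encoding so that `bytes` and `getbyte` see raw values rather than multibyte characters; without it a UTF-8 buffer could report misleading offsets.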

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and macOS) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and TCP/IP stack fingerprinting tools such as Nmap. Vulnerability scanners such as Nessus, and OpenVAS can detect target system vulnerabilities. Metasploit can import vulnerability scanner data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation. [10]
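The scanner-import step described above is, from a defender's side, a prioritisation problem: a finding whose CVE reference matches an existing exploit module is one to patch first. The following is an added example and not the Framework's own import code; it uses a constructed, simplified CSV export (host, finding, space-separated CVE references), a constructed module index keyed by module path with placeholder module names and placeholder CVE ids of the form CVE-2000-000N, and shows the correlation logic: normalising reference strings, inverting the index, attaching matching modules to each finding, and ranking hosts by how many of their findings have a matching module.

```ruby
require 'csv'

# Added example, not Metasploit's import code. Matches scanner findings
# against the CVE references of a module index so that findings with a
# public exploit module can be remediated first. Every host, module path
# and CVE id below is constructed sample data.

SCAN_CSV = <<~CSV
  host,finding,cves
  10.0.0.5,Service A heartbeat leak,CVE-2000-0001
  10.0.0.5,Outdated web server,CVE-2000-0002 CVE-2000-0003
  10.0.0.9,Signing not required,
  10.0.0.9,Logging library lookup,cve-2000-0004
CSV

# module path => reference strings, in the "CVE-YYYY-NNNN" form
MODULE_INDEX = {
  "auxiliary/scanner/example/service_a_leak" => ["CVE-2000-0001"],
  "exploit/example/http/webserver_rce"       => ["CVE-2000-0002", "CVE-2000-0003"],
  "exploit/example/http/logging_lookup"      => ["CVE-2000-0004"],
}

# Canonical "CVE-YYYY-NNNN" form for a reference written in any of the
# common variants ("cve-2000-0004", "CVE: 2000-0004"); nil if not a CVE id.
def normalize_cve(ref)
  m = ref.to_s.upcase.match(/CVE[-:\s]*(\d{4})[-\s]*(\d{4,})/)
  m && "CVE-#{m[1]}-#{m[2]}"
end

# Invert the module index: CVE id => sorted module paths that reference it.
def cve_to_modules(index)
  inverted = Hash.new { |h, k| h[k] = [] }
  index.each do |mod, refs|
    refs.each do |r|
      c = normalize_cve(r)
      inverted[c] << mod if c
    end
  end
  inverted.each_value(&:sort!)
  inverted
end

# Parse the scanner export and attach matching module paths to each finding.
def correlate(csv_text, index)
  lookup = cve_to_modules(index)
  CSV.parse(csv_text, headers: true).map do |row|
    cves = row["cves"].to_s.split.map { |c| normalize_cve(c) }.compact
    mods = cves.flat_map { |c| lookup.fetch(c, []) }.uniq.sort
    { host: row["host"], finding: row["finding"], cves: cves, modules: mods }
  end
end

# Hosts with at least one finding that has a matching module, most first;
# ties broken by host string so the order is deterministic.
def hosts_by_exposure(results)
  results.group_by { |r| r[:host] }
         .map { |host, rows| [host, rows.count { |r| !r[:modules].empty? }] }
         .select { |_, n| n > 0 }
         .sort_by { |host, n| [-n, host] }
end

if __FILE__ == $PROGRAM_NAME
  results = correlate(SCAN_CSV, MODULE_INDEX)
  results.each { |r| puts "#{r[:host]}  #{r[:finding]}  -> #{r[:modules].join(', ')}" }
  puts "by exposure: #{hosts_by_exposure(results).inspect}"
end
```

Real scanner exports carry references in several fields and formats, which is why `normalize_cve` accepts loose spelling and drops anything that is not a CVE id rather than passing it through; a finding with no normalisable reference simply gets no module match and stays in the output for manual review.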

Interfaces

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC. [11]

Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of the Metasploit project also includes Zenmap, a well-known security scanner, and a compiler for Ruby, the language in which this version of Metasploit was written. [11]

Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Discontinued editions

Community

The edition was released in October 2011, and included a free, web-based user interface for Metasploit. Metasploit Community Edition was based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community was included in the main installer.

On July 18, 2019, Rapid7 announced the end-of-sale of Metasploit Community Edition. [12] Existing users were able to continue using it until their license expired.

Express

The edition was released in April 2010, and was an open-core commercial edition for security teams who need to verify vulnerabilities. It offered a graphical user interface, integrated nmap for discovery, and added smart brute-forcing as well as automated evidence collection.

On June 4, 2019, Rapid7 discontinued Metasploit Express Edition. [13]

Armitage

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance. [14]

The latest release of Armitage was in 2015.

Cobalt Strike

Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work with the Metasploit Framework. [15] Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features. [16]

Exploits

Metasploit currently has over 2074 exploits, organized under the following platforms: AIX, Android, BSD, BSDi, Cisco, Firefox, FreeBSD, HP-UX, Irix, Java, JavaScript, Linux, mainframe, multi (applicable to multiple platforms), NetBSD, NetWare, nodejs, OpenBSD, macOS, PHP, Python, R, Ruby, Solaris, Unix, and Windows.

Payloads

Metasploit currently has over 592 payloads. Some of them are:

Auxiliary modules

The Metasploit Framework includes hundreds of auxiliary modules that can perform scanning, fuzzing, sniffing, and much more. There are three types of auxiliary modules, namely scanner, admin and server modules.

Contributors

Metasploit Framework operates as an open-source project and accepts contributions from the community through GitHub.com pull requests. [17] Submissions are reviewed by a team consisting of both Rapid7 employees and senior external contributors. The majority of contributions add new modules, such as exploits or scanners. [18]

List of original developers:

See also

References

  1. "A Brief History of Metasploit". Archived from the original on 2023-08-03. Retrieved 2024-05-23.
  2. "Tags · rapid7/Metasploit-framework". GitHub. Archived from the original on 2022-12-19. Retrieved 2024-05-23.
  3. "3-clause BSD license". GitHub. Archived from the original on 2021-01-30. Retrieved 2013-06-24.
  4. "Rapid7 Press Release". Rapid7. Archived from the original on 15 July 2011. Retrieved 18 February 2015.
  5. "Metasploit Editions: Network Pen Testing Tool". Rapid7. Archived from the original on 2023-07-20. Retrieved 2023-08-03.
  6. "Vulnerability exploitation tools – SecTools Top Network Security Tools". Archived from the original on 17 October 2011. Retrieved 18 February 2015.
  7. Metasploit. "Metasploit". www.exploit-db.com. Archived from the original on 2017-01-16. Retrieved 2017-01-14.
  8. "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. Archived from the original on 2007-01-07.
  9. "Month of Kernel Bugs – Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. Archived from the original on January 3, 2013.
  10. "Penetration Testing Tool, Metasploit, Free Download - Rapid7". Rapid7. Archived from the original on 24 December 2017. Retrieved 18 February 2015.
  11. "Metasploit editions". rapid7.com. Rapid7. Archived from the original on 10 March 2015. Retrieved 16 February 2013.
  12. "End of Sale Announced for Metasploit Community". Rapid7 Blog. 2019-07-18. Archived from the original on 2020-07-13. Retrieved 2020-07-13.
  13. "Announcement: End of Life for Metasploit Express Edition". Rapid7 Blog. 2018-06-04. Archived from the original on 2020-07-16. Retrieved 2020-07-13.
  14. "Armitage A GUI for Metasploit". Strategic Cyber LLC. Archived from the original on 2016-01-14. Retrieved 2013-11-18.
  15. "Adversary Simulation and Red Team Operations Software - Cobalt Strike". cobaltstrike.com. Archived from the original on 2019-01-28. Retrieved 2019-01-22.
  16. "Armitage vs Cobalt Hooked Strike". Strategic Cyber LLC. Archived from the original on 2016-03-19. Retrieved 2013-11-18.
  17. "rapid7/metasploit-framework". GitHub. Archived from the original on 2018-07-26. Retrieved 2017-01-14.
  18. "Contributing to Metasploit". Rapid7, Inc. Archived from the original on 2016-09-24. Retrieved 2014-06-09.

Further reading