Metasploit Acquired by Rapid7

Written by Jeromie Jackson
Wednesday, 21 October 2009 17:05

Metasploit Videos
Metasploit is the de facto standard for open-source penetration testing frameworks. Testers typically use a vulnerability assessment utility, such as Rapid7's commercial Nexpose tool and/or Nessus, to identify vulnerabilities present within the environment. Once vulnerabilities are validated, the next step is to actively exploit them. Historically, this was generally done with custom-coded exploits written in C, Perl, Python, etc. Metasploit provides a framework that contains exploit code along with various payloads you can deliver to the target. The included payloads provide functions such as running a command on the remote machine, remote command-line interfaces, adding a user to the Administrator group, and other such nefarious activities, even an encrypted remote shell to ensure communications are not monitored.

Rapid7 Nexpose is a leading commercial vulnerability assessment/management utility. I personally use it when conducting penetration tests, vulnerability assessments, and also as part of my web assessments. Fast, clean, and strong reporting.

Last Updated on Wednesday, 21 October 2009 17:37





