Metasploit is the renowned penetration testing framework created by H. D. Moore in 2003. It was created to hack into computer systems for testing purposes. Metasploit can be used for the following purposes:
- Validate security risks as part of your vulnerability management program.
- Safely simulate attacks on your network to uncover security issues.
- Verify your defenses, security controls and mitigation efforts.
- Measure the effectiveness of your security awareness program.
- Audit password security beyond Windows and Linux logins.
Metasploit Community Edition provides us with a graphical user interface (GUI) that simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nessus, Nexpose, and so forth.
Features
Metasploit Community Edition enables us to:
- Map out our network - Host identification, port scanning and OS fingerprinting.
- Integrate with other vulnerability scanners - Import data from Nessus, Nmap, and other solutions. In addition, Nexpose scans can be initiated from within Metasploit Community Edition.
- Find the right exploit - With the world's largest collection of quality-assured exploits, finding the right exploit is just seconds away!
- Verify remediation - Do you think your host has been patched against a specific vulnerability? Fire an exploit and find out!
- And the best part? Metasploit Community Edition is provided to the InfoSec Community FREE of charge.
How to Configure Metasploit GUI in Kali Linux
- As the first step, download the Community version from the Rapid7 website
- Get the activation code via your email
- Open the terminal and locate the directory where you downloaded the GUI installer
- Make the program executable and then start the installation process by using the following commands:
    chmod +x metasploit.run
    ./metasploit.run
- Follow the simple installation process, use the default ports
- Kali Linux comes with a metasploit folder by default, so it is recommended to create another directory for the Metasploit GUI (to avoid any possible conflicts)
- Use the server name as localhost (127.0.0.1)
- After the installation process, click on Application → Kali Linux → System services → Metasploit → Community / pro start
- Open your favorite browser and then open this URL (https://localhost:3790/)
- Enter the activation code
- You are in :)
Activation is successful; now you can scan the target network and find the vulnerabilities of the computers attached to it. Many other things can be done, such as Nessus and Nexpose integration with Metasploit, and we will discuss every aspect of it. The next article of this series will cover the scanning part.
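The installation above serves the web UI on port 3790 and is reached through localhost. As an added example (not part of the original post), the script below checks whether anything on that port is listening on a non-loopback address; it parses `ss -H -ltn` output, the function names are made up for this example, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ss -H -ltn` output on stdin and prints every listener on the given
# port whose local address is not loopback.
# ss columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            n = split(la, parts, ":")
            if (parts[n] != port) next            # last ":" field is the port
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)                 # drop scope such as %lo
            gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print la
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:3790 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50 [::1]:3790 [::]:*'

# Returns 0 when nothing is exposed, 1 otherwise.
check_ui_port() {
    found=$(exposed_listeners "$1")
    if [ -n "$found" ]; then
        printf 'port %s reachable beyond loopback:\n%s\n' "$1" "$found"
        return 1
    fi
    printf 'port %s is bound to loopback only (or not listening)\n' "$1"
}

printf '%s\n' "$SAMPLE" | check_ui_port 3790 || true
# On the Kali host itself: ss -H -ltn | check_ui_port 3790
```

If the check reports an exposed listener, restrict access to port 3790 with a host firewall rule before using the UI on a shared network.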