Chapter 7. Metasploit

Prior to the release of Metasploit in 2003, the state of public exploits was fragmented and chaotic. Individual researchers would release exploits to the world in any language they felt like and for whichever platform was their favorite. Each exploit also included the researcher’s choice of payload that couldn’t be changed without modifying the source code. This lack of standardization led to frustrating situations where you might have three or four different exploits to choose from, none of which were what you wanted. Furthermore, each exploit used a different convention for command-line arguments and parameters and rarely included very helpful documentation.

In 2003, the Metasploit framework was released to try to change this situation. Metasploit has improved the state of public exploits by providing the following:

  • Support for all major operating systems

  • A consistent interface for setting options and running exploits

  • Separation of payloads from exploits so you can mix and match as you like

  • Integrated encoding and evasion functionality

  • A unified exploit database with an easy update mechanism

One of the goals of the Metasploit project is to make exploitation consistent across multiple vulnerabilities, targets, and desired effects. Metasploit uses the following concepts to abstract out the specifics of each attack and make the act of exploitation portable:

Exploit

This is a particular code module responsible for exploiting a specific vulnerability. When attempting ...
