MSF exists to provide a consistent and all-encompassing exploit development platform. This makes rapid exploit development possible for professionals and researchers. At its core, MSF provides an extensible API and interface for setting variable parameters on an exploit. You can reuse many components between exploits. Examples include payloads, payload handlers, NOP generators, protocol libraries, and encoding routines. MSF comes with a robust assortment of these core components to be reused in exploit development. To facilitate the goals of component reuse and rapid exploit development, all the components and exploits are written using Object-Oriented Perl (OOP) with dynamic loading. As shown later in this chapter, MSF’s complex OOP foundation makes developing modules easier.

MSF functions as a bridge between the abstract concept of a “remote exploit” and a user. These concepts are interfaced within the various MSF frontends. The frontends have the task of setting user-controllable parameters and launching exploit modules with complete control over how the exploit is run. MSF comes with three frontend programs to demonstrate the framework’s flexibility. msfconsole is a fully interactive subshell interface that you can run from a shell interpreter such as bash or cmd.exe. It is the preferred frontend and is used for all the examples in this chapter. The msfcli command-line interface is ideal for use in scripts. All options and parameters are supplied as arguments ...