Introduction to Metasploit We have used Metasploit in some previous demonstrations, where we worked with its auxiliary
modules, but so far, we have not used it for exploiting the target and gaining access to the target.
Metasploit is the Swiss army knife penetration testing and is something that you can use not only
for network exploitation but for web exploitation too.
Metasploit is a free open-source software that could be used to automate lots of complex
tasks. Since Metasploit is a huge framework, it won’t be possible for me to cover every aspect
of it here, but I will try to cover the essentials and will do my best to get you get going with
Metasploit.
History of Metasploit Metasploit was initially started by HD More in 2003. He named it the “Metasploit Project.”
Initially it was started as a public resource for exploit development; however, later it was turned
into the “Metasploit Framework.” The first two versions of the Metasploit Framework were coded
in Perl; later, it was shifted to Ruby. In 2009, it was purchased by a company named Rapid7, which
allowed more frequent development for the “Metasploit Framework,” and as a result, lots of fea-
tures were introduced in it.
Metasploit Interfaces There are several interfaces for Metasploit. It’s available in all forms, that is, interactive, command
line, and GUI. Let’s take a look at some of its popular interfaces:
MSFConsole MSFConsole is the most popular interface for the Metasploit Framework and it is what we will
be using in most of our examples in this book. The reason it’s the best in my opinion is that the
settings/options in msfconsole are all interactive.
In order to launch msfconsole, all we need to do is enter “msfconsole” command in the shell,
and it will be launched.
