The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The framework is maintained by Rapid7 and the community. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Rapid7 recommends using the binary installer for the desired version. The installer comes with a guide that aims to help during the installation process. If someone wants to develop and contribute, there's a guide to set up a development enviroment.
This guide makes the next assumptions:
- You have a Debian-based Linux environment
- You have a user that is not root. In this guide, we're using msfdev.
- You have a GitHub account
USE flags for net-analyzer/metasploit Advanced framework for developing, testing, and using vulnerability exploit code
||Install dependencies needed for metasploit and exploit development|
||Add support for Java|
||Enable the plugin to integrate with nexpose|
||Enable restricted oracle modules which have additional deps|
||Enable libpcap for packet sniffing|
||Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)|
On maintainer's words: Very delicate package
emerge --ask net-analyzer/metasploit
Metasploit comes with its own CLI. For a detailed list of available commands refer to Offensive Security guide.
For a GUI, refer to Armitage project.
emerge --ask --depclean --verbose net-analyzer/metasploit
- Wireshark — a free and open-source packet analyzer.
- Nmap — an open source recon tool used to check for open ports, what is running on those ports, and metadata about the daemons servicing those ports.