From Gentoo Wiki
Jump to: navigation, search

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The framework is maintained by Rapid7 and the community. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.


Rapid7 recommends using the binary installer for the desired version. The installer comes with a guide that aims to help during the installation process. If someone wants to develop and contribute, there's a guide to set up a development enviroment.

This guide makes the next assumptions:
  • You have a Debian-based Linux environment
  • You have a user that is not root. In this guide, we're using msfdev.
  • You have a GitHub account

USE flags

USE flags for net-analyzer/metasploit Advanced framework for developing, testing, and using vulnerability exploit code

development Install dependencies needed for metasploit and exploit development
java Add support for Java
nexpose Enable the plugin to integrate with nexpose
oracle Enable restricted oracle modules which have additional deps
pcap Enable libpcap for packet sniffing
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)


On maintainer's words: Very delicate package
root #emerge --ask net-analyzer/metasploit



Metasploit comes with its own CLI. For a detailed list of available commands refer to Offensive Security guide.

For a GUI, refer to Armitage project.



root #emerge --ask --depclean --verbose net-analyzer/metasploit

See also

  • Wireshark — a free and open-source packet analyzer.
  • Nmap — an open source recon tool used to check for open ports, what is running on those ports, and metadata about the daemons servicing those ports.

External resources