Metasploit

From Gentoo Wiki
Jump to: navigation, search

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The framework is maintained by Rapid7 and the community. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Installation

Rapid7 recommends using the binary installer for the desired version. The installer comes with a guide that aims to help during the installation process. If someone wants to develop and contribute, there's a guide to set up a development enviroment.

Note
This guide makes the next assumptions:
  • You have a Debian-based Linux environment
  • You have a user that is not root. In this guide, we're using msfdev.
  • You have a GitHub account

USE flags

USE flags for net-analyzer/metasploit Advanced framework for developing, testing, and using vulnerability exploit code

development Install dependencies needed for metasploit and exploit development local
java Add support for Java global
nexpose Enable the plugin to integrate with nexpose local
openvas Enable the plugin to integrate net-analyzer/openvas local
oracle Enable restricted oracle modules which have additional deps local
pcap Enable libpcap for packet sniffing local
test Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore global

Emerge

Warning
On maintainer's words: Very delicate package
root #emerge --ask net-analyzer/metasploit

Configuration

Usage

Metasploit comes with its own CLI. For a detailed list of available commands refer to Offensive Security guide.

For a GUI, refer to Armitage project.

Removal

Unmerge

root #emerge --ask --depclean net-analyzer/metasploit

See also

  • Wireshark — a free and open-source packet analyzer.
  • Nmap — used to check for open ports, what is running on those ports, and header information

External resources