The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
One of the sub-projects is Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.
Metasploit Framework is free and open source software.
Key Features
- Command line interface.
- Third-party import.
- Manual exploitation.
- Manual brute forcing.
- A modular approach for exploiting a system using the framework:
- Optionally checking whether the intended target system is vulnerable to an exploit.
- Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and macOS systems are included).
- Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work.
- Choosing the encoding technique so that hexadecimal opcodes known as “bad characters” are removed from the payload, these characters will cause the exploit to fail.
- Executing the exploit.
- Cross-platform support – runs under Linux, macOS, and Windows.
Website: www.metasploit.com
Support: GitHub Code Repository
Developer: Rapid7 LLC
License: BSD-style license (Metasploit Framework)
Metasploit is written in Ruby. Learn Ruby with our recommended free books and free tutorials.
Related Software
| Vulnerability Detection Tools | |
|---|---|
| Metasploit | Penetration testing framework |
| Nuclei | Fast and customisable vulnerability scanner |
| OpenVAS | Full-featured vulnerability scanner |
| Nikto | Web server scanner |
| Lynis | Auditing, system hardening, compliance testing |
| grype | Vulnerability scanner for container images and filesystems |
| OSSEC | Centralized architecture for monitoring and managing multiple systems |
| OpenSCAP | NIST Certified SCAP 1.2 toolkit |
| octoscan | Static vulnerability scanner for GitHub action workflows |
| Greenbone | Central management service between security scanners and the user clients. |
| Terrapin | Terrapin Vulnerability Scanner for the Terrapin attack |
| Tiger | Security audit and intrusion detection too |
| PRS | Web security scanner |
| Trivy | Terrapin Vulnerability Scanner for the Terrapin attack |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |