Review: Metasploit Framework + Armitage - Pentesting Tools

EDITORS'
 CHOICE 
EDITOR RATINGS
⁃ Functionality (40%)
⁃ Performance (20%)
⁃ Usability (20%)
⁃ Portability (10%)
⁃ Value (10%)
⁃ OVERALL






PLATFORMS

MSF Server/Client:
Armitage Client:

PROS
  • Includes a comprehensive arsenal of penetration testing tools that are designed to develop, configure, test, and execute security exploit code
  • Allows pentesters to access and execute proven exploits stored in its extensive exploit database
  • Armitage GUI front-end significantly improves Metasploit Framework (MSF) usability, especially for noobs
  • Metasploitable intentionally insecure Linux Virtual Machine (VM) is a useful target for pentesting practice sessions
  • Free and open source.
CONS
  • In order to exploit the full power of MSF pentesting tools experts still need to master a complex set of Command Line Interface (CLI) commands
  • MSF, Armitage and Metasploitable are not bundled so they need to be installed and updated separately. Consequently, version inconsistency problems are invevitable.
BOTTOM LINE
  • If you are looking at a low-cost/high-quality penetration-testing tool set, there is no better solution available.

Review of the Free & Open Source Software (FOSS) penetration-testing (“ethical hacking”) tools included in the Metasploit Framework extended with the Armitage GUI front-end.

REVIEW SUMMARY

Metasploit Framework (MSF) is a modular and extensible tool suite for cybersecurity penetration testing (a.k.a. pentesting, white hat hacking, and ethical hacking). MSF supports the development, configuration, execution, and testing of security exploit code. (Exploit code is software code that penetrates a target system by taking advantage of vulnerabilities in the target. For example, a buffer overrun exploit might intentionally supply a software application with more data than its memory buffer can accommodate, so that the application overflows its buffer and executes a malicious payload.)

Metasploit Framework allows pentesters to execute proven exploits stored in its extensive exploit database, as well as to develop new exploits from scratch. The MSF exploit database is being continually updated by leading cybersecurity researchers and ethical hackers, so this is a valuable resource for the penetration testing community as well as cyber villains! Unfortunately, although the Metasploit Framework is a powerful tool set for pentesting, it can be overwhelming to master because of its proliferation of interfaces, utilities, modules, interfaces, and variables.

Consequently, even if you are fluent with Linux Command Line Interface (CLI) commands we recommend that you use MSF in conjunction with the FOSS Armitage GUI front-end. Armitage substantially improves the usability of MSF, while allowing expert hackers to utilize CLI commands whenever they choose. An added bonus to using MSF + Armitage is Metasploitable, an intentionally insecure Linux Virtual Machine (VM) that you can use for pentesting practice sessions. MSF + Armitage + Metasploitable is a formidable penetration testing resource, and is highly recommended for both cybersecurity noobs and certified ethical hackers.

Cybersecurity Software Reviewed: Metasploit Framework + Armitage GUI: Penetration Testing Tools
Date Published: 12/15/2014
Editor Rating: 3.7 / 5 Stars


CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.