Review of the Free & Open Source Software (FOSS) penetration-testing (“ethical hacking”) tools included in the Metasploit Framework extended with the Armitage GUI front-end.REVIEW SUMMARY
Metasploit Framework (MSF) is a modular and extensible tool suite for cybersecurity penetration testing (a.k.a. pentesting, white hat hacking, and ethical hacking). MSF supports the development, configuration, execution, and testing of security exploit code. (Exploit code is software code that penetrates a target system by taking advantage of vulnerabilities in the target. For example, a buffer overrun exploit might intentionally supply a software application with more data than its memory buffer can accommodate, so that the application overflows its buffer and executes a malicious payload.)
Metasploit Framework allows pentesters to execute proven exploits stored in its extensive exploit database, as well as to develop new exploits from scratch. The MSF exploit database is being continually updated by leading cybersecurity researchers and ethical hackers, so this is a valuable resource for the penetration testing community as well as cyber villains! Unfortunately, although the Metasploit Framework is a powerful tool set for pentesting, it can be overwhelming to master because of its proliferation of interfaces, utilities, modules, interfaces, and variables.
Consequently, even if you are fluent with Linux Command Line Interface (CLI) commands we recommend that you use MSF in conjunction with the FOSS Armitage GUI front-end. Armitage substantially improves the usability of MSF, while allowing expert hackers to utilize CLI commands whenever they choose. An added bonus to using MSF + Armitage is Metasploitable, an intentionally insecure Linux Virtual Machine (VM) that you can use for pentesting practice sessions. MSF + Armitage + Metasploitable is a formidable penetration testing resource, and is highly recommended for both cybersecurity noobs and certified ethical hackers.
CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.