A first look at Metasploit

Published on 2011-07-14 by John Collins. Socials: YouTube - X - Spotify - Amazon Music - Apple Podcast

Metasploit is the leading open source security penetration testing system in use today. It was originally created by HD Moore during 2003 in Perl, but has since been ported to Ruby and now stands as one of the biggest Ruby-based systems around.

The framework is available for download from their homepage here:

Metasploit Project

To give you a flavour of what Metasploit can do, here is an example video where the attacker (using a Mac) uses a known exploit in Adobe Reader under Windows XP to install a keylogger and screen capture spyware on the victim's machine, all carried out remotely:

(video removed, see 2022 note below) - http://www.youtube.com/embed/rgGve2ZJciE

The tutorial detailing the steps carried out in the above video can be found here:

"The Metasploit Framework: An Introduction to Meterpreter" - http://www.honeyjet.co.uk/index.php/my-blog/the-metasploit-framework-an-introduction-to-meterpreter.html

If you wish to learn more, there is an excellent and very detailed guide to the Metasploit framework available online for free here:

Metasploit Unleashed

Finally, here is a recent interview with the creator of Metasploit, HD Moore:

"HD Moore Reveals His Process for Security Research" - http://resources.infosecinstitute.org/hd-moore-reveals-his-process-for-security-research/

Updated 2022 : note that the above post was originally published in 2011, but is left here for archival purposes. Sadly most of the external links in the article are now dead, including the YouTube demo video, so I had to unlink them.