These are Metasploit's payload repositories, where the well-known Meterpreter payload resides. Meterpreter has many different implementations, targeting Windows, PHP, Python, Java, and Android. The new 'Mettle' payload also natively targets a dozen different CPU architectures, and a number of different operating systems. The framework is going to be designed in a fashion similar to Metasploit, SNORT, or other systems that allow the security community to create plugins for new tasks as needed. The primary goal of OSSAMS is to normalize the data, there by allowing the security professional to better assess the current state of security for an organization.
Metasploit is one of the most powerful and widely used tools for penetration testing. In this tutorial, we will take you through the various concepts and techniques of Metasploit and explain how you can use them in a real-time environment. This tutorial is meant for instructional purpose only.
This tutorial is meant for beginners who would like to learn the basic-to-advanced concepts of Metasploit and how to use it in penetration testing to safeguard their systems and networks.
Before proceeding with this tutorial, you should have a good grasp over all the fundamental concepts of a computer and how it operates in a networked environment.
Metasploit Pro, recommended for penetration testers and IT security teams, offers a compressive set of advanced features. If you’re simply looking for a basic command-line interface and manual exploitation, check out Metasploit Framework. Scroll down for a full feature comparison.
|De-facto standard for penetration testing with more than 1,500 exploits|
|Import of network data scan|
|MetaModules for discrete tasks such as network segmentation testing|
|Integrations via Remote API|
|Simple web interface|
|Automated credentials brute forcing|
|Baseline penetration testing reports|
|Wizards for standard baseline audits|
|Task chains for automated custom workflows|
|Closed-Loop vulnerability validation to prioritize remediation|
|Basic command-line interface|
|Manual credentials brute forcing|
|Dynamic payloads to evade leading anti-virus solutions|
|Phishing awareness management and spear phishing|
|Web app testing for OWASP Top 10 vulnerabilities|
|Choice of advance command-line (Pro Console) and web interface|
|Download & Trial||Pro||Framework|