is the renowned Penetration testing framework created by H. D. Moore
in 2003, metasploit was created to hack into computer systems for
testing purpose. Metasploit can be used for following purposes:
security risks as part of your vulnerability management program.
simulate attacks on your network to uncover security issues.
your defenses, security controls and mitigation efforts.
the effectiveness of your security awareness program.
- Audit password security
beyond Windows and Linux logins.
Community Edition provides us with a graphical user interface (GUI)
that simplifies network discovery and vulnerability verification for
specific exploits, increasing the effectiveness of vulnerability
scanners such as Nessus, Nexpose, and so forth.
Metasploit Community Edition
enables us to:
- Map out our network –
Host identification, port scanning and OS fingerprinting.
- Integrate with other
vulnerability scanners – Import data from Nessus, NMAP, and other
solutions. In addition, Nexpose scans can be initiated from within
Metasploit Communication Edition.
- Find the right exploit –
With the world’s largest quality-assured exploits, finding the right
exploit is just seconds away!
- Verify remediation – Do
you think your host has been patched against a specific
vulnerability? Fire an exploit and find out!
- And the best part?
Metasploit Community Edition is provided to the InfoSec Community
FREE of charge.
to Configure Metaploit GUI in Kali Linux
the first step, download the community version from Rapid7 website
the activation code via your email
the terminal and locate the directory where you have download the
the program executable and then start the installation process by
using following commands:
the simple installation process, use the default ports
Kali linux comes with a metaspoit folder by default, so it recommended to
create another directory for metasploit GUI (to avoid any possible
the server name as localhost (127.0.0.1)
installation process, click on Application ? Kali Linux ? System
services ? Metasploit ? Community / pro start
your favorite browser and then open this URL
the activation code
are in 🙂
is successful, now you can scan the target network and get the
vulnerabilities of the computers attached with it. There are many
other things that could be done, like Nessus and Nexpose integration
with metasploit and we will discuss every aspect of it. The next
article of this series will cover the scanning part.