What is Metasploit? And how to use this popular hacking tool

Metasploit is a widely used penetration testing tool that makes hacking way easier than it used to be. It has become an indispensable tool for both red team and blue team.

Metasploit definition

Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop, and hit Enter.

It's not quite as simple as that, of course, so let's begin at the beginning. Back in ye olden days of yore, pentesting involved a lot of repetitive labor that Metasploit now automates. Information gathering? Gaining access? Maintaining persistence? Evading detection? Metasploit is a hacker's Swiss army chainsaw (sorry, Perl!), and if you work in information security, you're probably already using it.

Better still, the core Metasploit Framework is both free and libre software and comes pre-installed in Kali Linux. (It's BSD-licensed, in case you're curious). The framework offers only a command-line interface, but those wanting GUI-based click-and-drag hacking — plus some other cool features — can drop a bundle for per-seat licenses to Metasploit Pro.

Let's take a closer look at how Metasploit works, and its history.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!