introduction to metasploit framework -1

Let us start with a quick introduction to the framework and the various terminologies related to Metasploit framework:

Metasploit framework: It is a free, open source penetration testing framework

started by H. D. Moore in 2003 which was later acquired by Rapid7. The current

stable versions of the framework are written using the Ruby language. It has

the world's largest database of tested exploits and receives more than a million

downloads every year. It is also one of the most complex projects built in Ruby

to date.

Vulnerability: It is a weakness which allows an attacker/pen-tester to break

into/compromise a system's security. This weakness can either exist in the

operating system, application software, or even in the network protocols.

Exploit: Exploit is a code which allows an attacker/tester to take advantage of

the vulnerable system and compromise its security. Every vulnerability has its

own corresponding exploit. Metasploit v4 has more than 700 exploits.

Payload: It is the actual code which does the work. It runs on the system after

exploitation. They are mostly used to set up a connection between the attacking

and the victim machine. Metasploit v4 has more than 250 payloads.

Module: Modules are the small building blocks of a complete system. Every module performs a specific task and a complete system is built up by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate a new exploit code and tools into the framework.