Metasploit for website pentest

service postgreqsql start

if this is the first time you are running metasploit, run the following command to create the database schema for you:

msfdb init

if it is not your first time, start your postgesql service as you will already have the database schema in place.

service postgresql start

Then you can start metasploit using the msfconsole command from a regular terminal

This Post Has One Comment

  1. Will Meek

    Great writeup Jonathan!

    Only caveat I found was that the url needed to be an IP, even though sites are resolved to IPs.

    And File/Dir testing at the ‘404’ stage takes forever! :)

Leave a Reply