Metasploit for website pentest

msfconsole

Once msfconsole has started and loaded all the modules and dependencies, you will be greeted by a splash screen in your terminal. The splash screens are random, so don't worry if you see a different one when yours starts up:

This is msfconsole, the main command-line interface to Metasploit. There are other interfaces available: GUI interfaces (Armitage), and a web interface too (websploit). With msfconsole you can launch exploits, create listeners, configure payloads, etc. It's always useful to learn the command-line version, as it's the quickest way to assemble a database of targets for later analysis.

This Post Has One Comment

  1. Will Meek

    Great writeup Jonathan!

    Only caveat I found was that the URL needed to be an IP, even though sites are resolved to IPs.

    And File/Dir testing at the ‘404’ stage takes forever! :)