Metasploit
A penetration testing platform containing hundreds of exploits, reconnaissance modules, payloads and post-exploitation tools in a single environment.
What is Metasploit?
Metasploit is the world’s most recognised penetration testing platform, developed by Rapid7. It is available in an open-source version (Metasploit Framework) and a commercial version (Metasploit Pro). The platform integrates reconnaissance tools, an exploit database, payload generation, post-exploitation techniques and reporting in a single environment.
Metasploit Framework contains thousands of exploits for various operating systems, services and applications, hundreds of payloads (including Meterpreter - an advanced post-exploitation agent), auxiliary modules (scanning, enumeration, fuzzing), post-exploitation modules (credential harvesting, pivoting, privilege escalation) and evasion modules (bypassing security systems).
Meterpreter - Metasploit’s flagship payload - operates in RAM (leaving no traces on disk), supports encrypted communication, enables screen capture, keylogging, process migration and many other post-exploitation operations. Metasploit integrates with other tools including Nmap, Cobalt Strike and Burp Suite.
Why does it matter?
Metasploit is a standard tool in penetration testing and offensive security training. Its knowledge is required for certifications such as OSCP. For security teams, it is important to recognise that the same techniques used by penetration testers are available to attackers - understanding Metasploit’s capabilities helps build more effective defences.
Related topics
Related SEQRED services
Need help in this area?
Our experts will help you assess the risk and plan next steps.