Metasploit Pro is for users who prefer to use a web interface for pen testing. Some features available in Pro are unavailable in Metasploit Framework.
Pro Features not in Metasploit Framework
- Task Chains
- Social Engineering
- Vulnerability Validations
- GUI
- Quick Start Wizards
- Nexpose Integration
If you are a command line user, but still want access to the commercial features, Metasploit Pro includes its very own console, which is very much like msfconsole, except it gives you access to most of the features in Metasploit Pro via the command line.
Metasploit Pro Features
Metasploit Pro offers pen testing features to help you simulate real world attacks, collect data, and remediate found exploits.
Infiltrate
- Manual Exploitation
- Anti-virus Evasion
- IPS/IDS Evasion
- Proxy Pivot
- Post-Exploration Modules
- Session Clean Up
- Credentials Reuse
- Social Engineering
- Payload Generator
- Quick Pen Testing
- VPN Pivoting
- Vulnerability Validation
- Phishing Wizard
- Web App Testing
- Persistent Sessions
Collect Data
- Import and scan data
- Discovery Scans
- MetaModules
- Nexpose Scan Integration
Remediate
- Bruteforce
- Task Chains
- Exploitation Workflow
- Session Rerun
- Task Replay
- Project Sonar Integration
- Session Management
- Credential Management
- Team Collaboration
- Web Interface
- Backup and Restore
- Data Export
- Evidence Collection
- Reporting
- Tagging Data
Interfaces
Metasploit Pro comes with a web interface and a command line interface. Most features available in the web interface are also available in the command line.
Web Interface
A web interface is available for you to work with Metasploit Pro. To launch the web interface, open a web browser and go to https://localhost:3790
. To learn more about the web interface see Using the Metasploit Web Interface.
Pro Console
The Pro Console enables you to interact with Metasploit Pro from the command line. It is similar to the Metasploit Framework console.
Metasploit Framework
The Metasploit Framework is the foundation on which the commercial products are built. It is an open source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.
There are quite a few resources available online to help you learn how to use the Metasploit Framework; however, we highly recommend that you take a look at the Metasploit Framework Wiki, which is maintained by Rapid7, to ensure that you have the most up to date information available.
Metasploit Architecture
The Metasploit Framework is an open source pen testing and development platform that provides you with access to the latest exploit code for various applications, operating systems, and platforms. You can leverage the power of the Metasploit Framework to create additional custom security tools or write your own exploit code for new vulnerabilities.
Modules
A module is a standalone piece of code, or software, that extends the functionality of the Metasploit Framework. Modules automate the functionality that the Metasploit Framework provides and enables you to perform tasks with Metasploit Pro.
A module can be an:
- Exploit
- Auxiliary
- Payload
- No operation payload (NOP)
- Post-exploitation module
- Encoder
For example, an exploit uses a payload to deliver code to run on another machine. The payload will open a shell or a Meterpreter session to run a post-exploitation module. The encoder will make sure the payload is delivered and no operation payload will make sure the payload size is kept consistent.
Services
Metasploit Pro runs the following services:
- PostgreSQL - Runs the database that Metasploit Pro uses to store data from a project.
- Ruby on Rails - Runs the web Metasploit Pro web interface.
- Pro service - Also known as the Metasploit service, bootstraps Rails, the Metasploit Framework, and the Metasploit RPC server.
What’s Next
Get you trial && Download Pro Version
Download last pro version here