Metasploit Pro

By 0x1 Computer-security, Open-source, Shellcode, Anti-forensic, Comments

Metasploit Pro is for users who prefer to use a web interface for pen testing. Some features available in Pro are unavailable in Metasploit Framework.

Pro Features not in Metasploit Framework

Task Chains
Social Engineering
Vulnerability Validations
GUI
Quick Start Wizards
Nexpose Integration

If you are a command line user, but still want access to the commercial features, Metasploit Pro includes its very own console, which is very much like msfconsole, except it gives you access to most of the features in Metasploit Pro via the command line.

Metasploit Pro Features

Metasploit Pro offers pen testing features to help you simulate real world attacks, collect data, and remediate found exploits.

Infiltrate

Manual Exploitation
Anti-virus Evasion
IPS/IDS Evasion
Proxy Pivot
Post-Exploration Modules
Session Clean Up
Credentials Reuse
Social Engineering
Payload Generator
Quick Pen Testing
VPN Pivoting
Vulnerability Validation
Phishing Wizard
Web App Testing
Persistent Sessions

Collect Data

Import and scan data
Discovery Scans
MetaModules
Nexpose Scan Integration

Remediate

Bruteforce
Task Chains
Exploitation Workflow
Session Rerun
Task Replay
Project Sonar Integration
Session Management
Credential Management
Team Collaboration
Web Interface
Backup and Restore
Data Export
Evidence Collection
Reporting
Tagging Data

Interfaces

Metasploit Pro comes with a web interface and a command line interface. Most features available in the web interface are also available in the command line.

Web Interface

A web interface is available for you to work with Metasploit Pro. To launch the web interface, open a web browser and go to https://localhost:3790. To learn more about the web interface see Using the Metasploit Web Interface.

Pro Console

The Pro Console enables you to interact with Metasploit Pro from the command line. It is similar to the Metasploit Framework console.

Metasploit Framework

The Metasploit Framework is the foundation on which the commercial products are built. It is an open source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.

There are quite a few resources available online to help you learn how to use the Metasploit Framework; however, we highly recommend that you take a look at the Metasploit Framework Wiki, which is maintained by Rapid7, to ensure that you have the most up to date information available.

Metasploit Architecture

The Metasploit Framework is an open source pen testing and development platform that provides you with access to the latest exploit code for various applications, operating systems, and platforms. You can leverage the power of the Metasploit Framework to create additional custom security tools or write your own exploit code for new vulnerabilities.

Modules

A module is a standalone piece of code, or software, that extends the functionality of the Metasploit Framework. Modules automate the functionality that the Metasploit Framework provides and enables you to perform tasks with Metasploit Pro.

A module can be an:

Exploit
Auxiliary
Payload
No operation payload (NOP)
Post-exploitation module
Encoder

For example, an exploit uses a payload to deliver code to run on another machine. The payload will open a shell or a Meterpreter session to run a post-exploitation module. The encoder will make sure the payload is delivered and no operation payload will make sure the payload size is kept consistent.

Services

Metasploit Pro runs the following services:

PostgreSQL - Runs the database that Metasploit Pro uses to store data from a project.
Ruby on Rails - Runs the web Metasploit Pro web interface.
Pro service - Also known as the Metasploit service, bootstraps Rails, the Metasploit Framework, and the Metasploit RPC server.