Hacking made simple. That’s the easiest way to describe Metasploit, and its simplicity has made the pentesting framework an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop, and hit Enter.
It’s not quite as simple as that, of course, so let’s begin at the beginning. Back in ye olden days of yore, pentesting involved a lot of repetitive labor that Metasploit now automates. Information gathering? Gaining access? Maintaining persistence? Evading detection? Metasploit is a hacker’s Swiss army chainsaw (sorry, Perl!), and if you work in information security, you’re probably already using it.
Better still, the core Metasploit Framework is both free and libre software and comes pre-installed in Kali Linux. (It’s BSD-licensed, in case you’re curious). The framework offers only a command-line interface, but those wanting GUI-based click-and-drag hacking–plus some other cool features–can drop a bundle for per-seat licenses to Metasploit Pro.
Let’s take a closer look at how Metasploit works, and its history.