User:Axper/sandbox/metasploit

From ArchWiki

From the official site:

Consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. The Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel.

Currently, Metasploit requires to setup and configure Postgresql on target system to work. This wiki will show how to get metasploit-git working with a Postgresql database.

Installation

Install metasploitAUR from AUR.

Alternatively, the development version metasploit-gitAUR is also available, but requires additional configuration.

Setting up the database

Note: Commands which must be run from msfconsole will be prefixed with msf > in this article.

Metasploit can be used without a database, but cache operations like searching will be very slow.

This section will show how to set up Metasploit with Postgresql database server.

Follow the postgresql article and create a new database called msf3.

Start msfconsole and type:

msf > db_connect user@msf3

where user is your linux user's name.

Rebuild the database cache:

msf > db_rebuild_cache

Metasploit will rebuild the cache in the background, and you can contiue running commands meanwhile.

Note: It might take a while to rebuild the cache.
Tip: Run top or htop to monitor the status of cache building. During the process, Ruby/Postgres/Metasploit processes will eat up 50% of CPU time.

Interfaces

There are several interfaces available for Metasploit.

msfconsole

msfconsole interface provides the most features available in MSF.

To start it, simply type msfconsole. The prompt will change to msf > to indicate it's waiting for commands.

Note: Besides Metasploit commands explained below, your regular shell commands are available too!

msfcli

See also