How to Use Metasploit’s Interface

Metasploit itself is a free open-source software, with many contributors in the security community. It supports Vulnerability Research, Exploits development, and also the creation of custom security tools. Metasploit Frameworks are widely used for pen testing and other security purposes. Metasploit offers more than one interface to its underlying functionality, including console, command line interfaces, and graphical interfaces. In addition to these interfaces of Metasploit, utilities provide direct access to functions that are normally offered by Metasploit Framework. these utilities can be invaluable for the exploit development and the situation where you do not need the flexibility of the entire framework.

MSF Console

MSF console is the most popular part of the Metasploit Frameworks. It is one of the framework’s most flexible, featured, and well-supported tools. MSF console provides an all-in-one interface to almost every option and setting available in the Framework. You can use the MSF console to do almost everything, including launching exploits, loading auxiliary modules, performing enumerations, creating listeners, or running mass exploitation to an entire network. Although the Metasploit Framework is almost changing, the basic way of using these interfaces and commands remains constant. By mastering the basics of the MSF console you will be able to keep up with any changes. 

Starting MSF console: To launch the MSF console, enter msfconsole in the command line:

msfconsole

 

to access the msfconsole help files, enter help followed by the command you want to explore more, for example in the picture below we have viewed the help command with connect command, which allows us to communicate with a host. the results of help lists usage, description of the tool, and the various options flags.

help connect

 

Some basic commands to get familiar with the MSF console are : 

1. Msfupdate: to update Metasploit Framework to its latest version, this command can be used. new versions of msfconsole don’t support this command in the alternative if this command you can use apt-get update or apt-get upgrade.

2. help: to get the list of commands available with msfconsole help command can be used, this will list all the commands that can be used with this framework like core commands, and database backend commands.

 

3. info: to get information about a specific exploit or module this command is used.

 

4. Search name: to search for specific exploits and modules this command is used.

5. Show exploits: to get all exploits listed available in the Metasploit framework this command is used.

 

6. Exit: this command is used to exit from msfconsole.

 

MSFcli

MSFcli and msfconsole take very different approaches to provide access to the Framework. where msfconsole provides us with an interactive way to access all the features in a user-friendly way, msfcli puts the scripting first and the interpretability of the framework. msfcli runs directly from the command line, which allows you to redirect output from other tools into msfcli and direct msfcli output to other command-line tools. msfcli also supports the launching of exploits and auxiliary modules. it can be used when testing modules or developing new exploits for the framework. it works fantastically when you know precisely which exploit and options you need. it is less forgiving than msfconsole. MSFcli can be accessed through the command:

 msfcli -help

 But now msfcli is unavailable in the Metasploit framework.

Armitage

The Armitage component of Metasploit is a fully interactive graphical user interface created by Raphael Mudge. This interface is highly impressive and serves many features available for free. These interfaces can be useful for those who prefer GUI to be more interactive. to launch Armitage, run the command, Armitage. if Armitage is not installed you can install it with the command:

sudo apt install Armitage

During the startup, select start MSF, which will allow Armitage to connect to your Metasploit instance easily.

After installing Armitage start the Metasploit database by running the command:

 sudo msfdb init

Once the database is started now we are good to start with Armitage to start Armitage type:

 sudo Armitage 

In the terminal. you will be asked if you want to initialize an RPC server, but for now, it is not mandatory. you can simply leave it disabled. After connecting the Armitage GUI will show up. you can start by adding a host, and defining or setting targets all the options are mentioned in the application taskbar to opt for.

 

Armitage is a great option for users who are not familiar with Linux consoles. The graphical user interface is pretty easy to use and understand as compared to Metasploit where users need to remember the commands to use the framework.