 |
Metasploit is an open source penetration testing tool that can be used to develop and execute exploit code against a remote target machine.
Let that sink in for a moment because that sentence is sufficient to completely describe what Metasploit is. And I’m here to dedicate an entire post on what that sentence is all about. Let’s start from the beginning.
What is an exploit code?
A vulnerability is a weakness that can be used by an
attacker with the right skills to compromise – that is to break in – a system
or a machine. An exploit code is a piece of code that is used by the attacker
to do the breaking in. Payload is the code that will be running in the system
after breaking in.
For example think of a safe with a window made of thin
glass. The safe is our system and the glass window is our vulnerability. A
robber can use a hammer to break the glass and decide to take only checks. The
hammer is our exploit code and going through the safe to get the checks is our
payload.
What is a penetration testing tool?
Penetration simply gathers the above said scenario into a
single word. Penetration testing refers to the authorized attempt to try out
exploit codes in order to discover a systems vulnerabilities.
So what is Metasploit again?
Metasploit is a penetration tool that can develop and
execute exploit code (it builds hammers for our robber). Currently, Metasploit
holds the record for owning the largest number of public tested exploits.
Image source - metasploited.blogspot.com
Image source - metasploited.blogspot.com
0 comments:
Post a Comment