Metasploit Architecture
The Metasploit architecture was mainly written in Ruby and there are many modules and Libraries inside the Metasploit.
Each different Modules and Library has unique features and in the below section let’s deeply talk about Architecture, Modules and Libraries.
If you haven’t read Lesson 1 on what is Metasploit [Clcik here] to read
Here is the Github Repository of Metasploit Framework from the rapid 7
https://github.com/rapid7/metasploit-framework
Source: OSCP
Video
Metasploit File system
The Metasploit file system is where the Metasploit framework files exist.
The Metasploit Framework file in Kali Linux and also in Debian machine is stored under this directory /usr/share/metasploit-framework.
Once we navigate to the file system, You can understand the architecture of the files and the modules existing and also you can see the existing directory.
Metasploit File system Directory
Now, Let’s take a quick look at the important directory in Metasploit Framework.
Data
The data directory mostly contains of editable files like wordlist, shell code, sounds, logos,meterpreter.
root@kali:~# ls /usr/share/metasploit-framework/data/
cpuinfo ipwn meterpreter snmp webcam
eicar.com isight.bundle mime.yml sounds wmap
eicar.txt john.conf msfcrawler SqlClrPayload wordlists
emailer_config.yaml lab passivex templates
exploits logos php vncdll.x64.dll
flash_detector markdown_doc post vncdll.x86.dllDocumentation
In the documentation, there is where the official documentation about the Metasploit framework
root@kali:~# ls /usr/share/metasploit-framework/documentation/
changelog.Debian.gz CONTRIBUTING.md.gz developers_guide.pdf.gz README.md
CODE_OF_CONDUCT.md copyright modulesLib
The Lib directory is the heart of Metasploit where we can find all the Libraries.
root@kali:~# ls /usr/share/metasploit-framework/lib/
anemone msfenv.rb rbmysql.rb sqlmap
anemone.rb net rex tasks
enumerable.rb postgres rex.rb telephony
metasm postgres_msf.rb robots.rb telephony.rb
metasploit rabal snmp windows_console_color_support.rb
msf rbmysql snmp.rbModules
In Metasploit, there are 7 Modules Auxilary, encoders, evasion/windows, exploits, nops, payloads, post.
In the upcoming Lesson, Let’s dive deeper into modules.
root@kali:~# ls /usr/share/metasploit-framework/modules/
auxiliary encoders exploits nops payloads postPlugins
The Metasploit file system has plugins, Many don’t know even this directory exists. We can also add custom plugins let’s see about that in later Lessons.
root@kali:~# ls /usr/share/metasploit-framework/plugins/
aggregator.rb ips_filter.rb openvas.rb sounds.rb
alias.rb komand.rb pcap_log.rb sqlmap.rb
auto_add_route.rb lab.rb request.rb thread.rb
beholder.rb libnotify.rb rssfeed.rb token_adduser.rb
db_credcollect.rb msfd.rb sample.rb token_hunter.rb
db_tracker.rb msgrpc.rb session_notifier.rb wiki.rb
event_tester.rb nessus.rb session_tagger.rb wmap.rb
ffautoregen.rb nexpose.rb socket_logger.rbScript
In the script directory, we can find the meterpreter, shell, ps, resource. Usually, we use the meterpreter and the shell after successful exploitation.
root@kali:~# ls /usr/share/metasploit-framework/scripts/
meterpreter ps resource shellTools
In the tools directory, we can find the utilities such as the password list.
root@kali:~# ls /usr/share/metasploit-framework/tools/
context dev exploit hardware memdump modules password reconMetasploit Libraries
There are many Metasploit Libraries, Each library, has different functions and help in running Metasploit.
REX
- The basic library for most tasks
- Handles sockets, protocols, text transformations, and others
- SSL, SMB, HTTP, XOR, Base64, Unicode
MSF::CORE
- Provides the ‘basic’ API
- Defines the Metasploit Framework
MSF::BASE
- Provides the ‘friendly’ API
- Provides simplified APIs for use in the Framework
There is much more Library we have seen only the most important, In upcoming classes, we will dive deeper into Libraries too.
In the next chapter, Let’s learn about the Metasploit Modules.
