The Metasploit architecture was mainly written in Ruby and there are many modules and Libraries inside the Metasploit.
Each different Modules and Library has unique features and in the below section let’s deeply talk about Architecture, Modules and Libraries.
If you haven’t read Lesson 1 on what is Metasploit [Clcik here] to read
Here is the Github Repository of Metasploit Framework from the rapid 7
Metasploit File system
The Metasploit file system is where the Metasploit framework files exist.
The Metasploit Framework file in Kali Linux and also in Debian machine is stored under this directory /usr/share/metasploit-framework.
Once we navigate to the file system, You can understand the architecture of the files and the modules existing and also you can see the existing directory.
Metasploit File system Directory
Now, Let’s take a quick look at the important directory in Metasploit Framework.
The data directory mostly contains of editable files like wordlist, shell code, sounds, logos,meterpreter.
root@kali:~# ls /usr/share/metasploit-framework/data/ cpuinfo ipwn meterpreter snmp webcam eicar.com isight.bundle mime.yml sounds wmap eicar.txt john.conf msfcrawler SqlClrPayload wordlists emailer_config.yaml lab passivex templates exploits logos php vncdll.x64.dll flash_detector markdown_doc post vncdll.x86.dll
In the documentation, there is where the official documentation about the Metasploit framework
root@kali:~# ls /usr/share/metasploit-framework/documentation/ changelog.Debian.gz CONTRIBUTING.md.gz developers_guide.pdf.gz README.md CODE_OF_CONDUCT.md copyright modules
The Lib directory is the heart of Metasploit where we can find all the Libraries.
root@kali:~# ls /usr/share/metasploit-framework/lib/ anemone msfenv.rb rbmysql.rb sqlmap anemone.rb net rex tasks enumerable.rb postgres rex.rb telephony metasm postgres_msf.rb robots.rb telephony.rb metasploit rabal snmp windows_console_color_support.rb msf rbmysql snmp.rb
In Metasploit, there are 7 Modules Auxilary, encoders, evasion/windows, exploits, nops, payloads, post.
In the upcoming Lesson, Let’s dive deeper into modules.
root@kali:~# ls /usr/share/metasploit-framework/modules/ auxiliary encoders exploits nops payloads post
The Metasploit file system has plugins, Many don’t know even this directory exists. We can also add custom plugins let’s see about that in later Lessons.
root@kali:~# ls /usr/share/metasploit-framework/plugins/ aggregator.rb ips_filter.rb openvas.rb sounds.rb alias.rb komand.rb pcap_log.rb sqlmap.rb auto_add_route.rb lab.rb request.rb thread.rb beholder.rb libnotify.rb rssfeed.rb token_adduser.rb db_credcollect.rb msfd.rb sample.rb token_hunter.rb db_tracker.rb msgrpc.rb session_notifier.rb wiki.rb event_tester.rb nessus.rb session_tagger.rb wmap.rb ffautoregen.rb nexpose.rb socket_logger.rb
In the script directory, we can find the meterpreter, shell, ps, resource. Usually, we use the meterpreter and the shell after successful exploitation.
root@kali:~# ls /usr/share/metasploit-framework/scripts/ meterpreter ps resource shell
In the tools directory, we can find the utilities such as the password list.
root@kali:~# ls /usr/share/metasploit-framework/tools/ context dev exploit hardware memdump modules password recon
There are many Metasploit Libraries, Each library, has different functions and help in running Metasploit.
- The basic library for most tasks
- Handles sockets, protocols, text transformations, and others
- SSL, SMB, HTTP, XOR, Base64, Unicode
- Provides the ‘basic’ API
- Defines the Metasploit Framework
- Provides the ‘friendly’ API
- Provides simplified APIs for use in the Framework
There is much more Library we have seen only the most important, In upcoming classes, we will dive deeper into Libraries too.
In the next chapter, Let’s learn about the Metasploit Modules.