Notes
  • 笔记
  • 主站
  • Protocols
    • HTTPS
      • 协议
      • 公钥基础设施
      • 攻击PKI
      • HTTP和浏览器问题
      • 实现问题
      • 协议攻击
      • 部署
      • 性能优化
      • HTTP严格传输安全、内容安全策略和钉扎
    • KNX
      • KNX Basics
  • TOOLS
    • Metasploit
      • Metasploit Architecture
        • Filesystem and Libraries
        • Modules and Locations
        • Metasploit Object Model
        • Mixins and Plugins
      • Metasploit Fundamentals
        • MSFConsole
        • Exploits
        • Payloads
        • Databases
        • Meterpreter
  • King's College London
    • Required Modules
      • Security Engineering
      • Cryptography
      • Security Management
      • Network Security
      • Security Testing
      • Computer Forensics and Cybercrime
      • Individual Project
    • Optional Modules
      • Software Measurement and Testing
      • Network Theory
      • Mathematical English
        • 标点符号
        • 数学符号
        • 分数
        • 小数
        • 比例
        • 指数
        • 方根
        • 对数
        • 集合
        • 函数
        • 微积分
        • References
Powered by GitBook
On this page
  • Exploits
  • Auxiliary
  • Payloads, Encoders, Nops
  • Loading Additional Module Trees
  • References
  1. TOOLS
  2. Metasploit
  3. Metasploit Architecture

Modules and Locations

  • Primary Modules: /usr/share/metasploit-framework/modules/

  • Custom Modules: ~/.msf4/modules/

root@kali:~# ls /usr/share/metasploit-framework/modules/
auxiliary  encoders  exploits  nops  payloads  post

Exploits

  • Exploit modules are defined as modules that use payloads.

root@kali:~# ls /usr/share/metasploit-framework/modules/exploits/
aix        bsdi        firefox  irix       multi    solaris
android    dialup      freebsd  linux      netware  unix
apple_ios  example.rb  hpux     mainframe  osx      windows

Auxiliary

  • Auxiliary modules include port scanners, fuzzers, sniffers, and more.

root@kali:~# ls /usr/share/metasploit-framework/modules/auxiliary/
admin    client   dos         gather  scanner  spoof  vsploit
analyze  crawler  example.rb  parser  server   sqli
bnat     docx     fuzzers     pdf     sniffer  voip

Payloads, Encoders, Nops

  • Payloads consist of code that runs remotely.

  • Encoders ensure that payloads make it to their destination intact.

  • Nops keep the payload sizes consistent across exploit attempts.

root@kali:~# ls /usr/share/metasploit-framework/modules/payloads/
singles  stagers  stages
root@kali:~# ls /usr/share/metasploit-framework/modules/encoders/
cmd  generic  mipsbe  mipsle  php  ppc  ruby  sparc  x64  x86
root@kali:~# ls /usr/share/metasploit-framework/modules/nops/
aarch64  armle  mipsbe  php  ppc  sparc  tty  x64  x86

Loading Additional Module Trees

  • Pass the -m option when running msfconsole to load additional modules at runtime.

root@kali:~# msfconsole -m ~/secret-modules/

  • Use the loadpath command, If you need to load additional modules after msfconsole being started.

msf > loadpath
Usage: loadpath </path/to/modules>

Loads modules from the given directory which should contain subdirectories for
module types, e.g. /path/to/modules/exploits

msf > loadpath /usr/share/metasploit-framework/modules/
Loaded 399 modules:
    399 payloads

References

PreviousFilesystem and LibrariesNextMetasploit Object Model

Last updated 4 years ago

LogoMetasploit Modules and Locations | Offensive Securityoffsectraining