Metasploit is an exploitation framework used to exploit vulnerabilities on devices and deliver payloads
The installation of Metasploit is fairly easy and can be done in a few steps. I recommend just using a VM with Kali installed on it because Kali is shipped with Metasploit on it however you can use other distros and manually install is as well, you just need to make sure it doesn't get blocked by any firewall or AV and that you have root privileges. There is a way to install it on Windows however I have not tried doing that so if you would like it on a Windows device check the documentation on Rapid7's site for more information, I will be showing the steps for Linux below.
That should grab metasploit and install the framework. Once that is complete, type in the following command on a terminal to verify it works:
If you get an error from it about postgresql not running then you need to start the service for the database and then start the msf database which can be done with the following commands:
sudo service postgresql start
sudo msfdb init
After that, just start the msfconsole again and it should start up!
There are hundreds of different modules that you can use on Metasploit. Below is a list of the different kinds of modules found on Metasploit:
These modules are pretty self-explanatory. These are exploits made to target specific vulnerabilities in services, operating systems, or applications that enable you to perform various actions, execute specific code remotely, or gain access to the targeted host.
These modules typically do not directly exploit a host however they are very useful because they can enumerate more information about a host or service running on a host. The only modules I have used out of this group so far are scanners.
These modules are the fun packages you get to send to the remote system with after an exploit successfully executes on the remote host. A simple payload could be something like a reverse shell that lets you run commands on the host however a much better option is Meterpreter which I will go into more detail on below
As the name suggests, these are modules for further action once you have already gained access to a system with an exploit. These can be things such as privilege escalation, enumeration, password dumps, etc.
As of writing this I have no experience using these and have not learned about them however according to the documentation from Rapid7 they are used to generate random bytes to bypass standard IDS and IPS signature detection. I will update this once I understand more about how these work.