Metasploit Community

Metasploit Community is a professional software application specialized in offering information about security vulnerabilities with the aid of penetration testing tools. It provides support for network discovery, vulnerability scanner import, basic exploitation and module browser.

The program runs as a web server on your computer and can be accessed via your web browser. In order to access the service, you are required to provide information about the username, password, full name, email address and organization, as well as select the time zone.

All your penetration tests are recorded as projects, and the tool comes with a set of predefined ones useful for getting started with, such as Hosts, Notes, Vulnerabilities, Services, Captured Data, Tasks, Sessions and Campaigns.

The utility also displays a project overview, which includes details about the discovered hosts, opened and closed sessions and collected evidence.

You may define your own project by specifying the name, adding a short description and entering the network range. Within a project, you are given the freedom to define target systems, network boundaries, modules and web campaigns, as well as use discovery scan mode for identifying target systems and bruteforce attack for gaining access to systems.

Administrators are given the possibility to carry out several tasks, such as manage projects, accounts, global settings and software updates.

When it comes to global settings, you can set the payload type for the modules, enable access to the diagnostic console through web browser, as well as update the license key and perform software updates.

Metasploit Community comes with a powerful host scan feature able to identify vulnerable systems within the target network range. It records information about the services, vulnerabilities and captured evidence for hosts. Plus, you can add vulnerabilities, notes, tag and tokens to identified hosts.

An exploit can be executed from the Modules menu by using the search engine for finding a specific engine and defining the target hosts, payload options, module and advanced parameters, as well as evasion options. The purpose of an exploit is to target a specific vulnerability detected in your system, including buffer overflow, code injection and web application exploits.

The Community edition is suitable especially for students or small businesses as it includes a limited set of features. If you are an IT security professional, you can check out the professional version of the application, which integrates support for smart exploitation, advanced vulnerability verification, password audition, web application scanning mode, social engineering, team collaboration, reporting, enterprise-level support, security audit wizards and meta-modules.