Metasploit: Hands-on Guide to Pentesting with Metasploit
4.0 (15 ratings)
117 students enrolled

Get started with the Metasploit Framework to access and test your system's security & create a threat-free environment
Created by Packt Publishing
Last updated 12/2018
English [Auto-generated]
This course includes
  • 8.5 hours on-demand video
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Get to know the absolute basics of the Metasploit framework
  • Set up the Metasploit environment along with your own virtual testing lab.
  • Deep dive into Metasploit for information gathering and enumeration before planning the blueprint for the attack on the target system.
  • Leverage Metasploit capabilities to perform Web application security scanning.
  • Find and exploit vulnerabilities in networks and web applications effectively.
  • Perform Vulnerability assessment and Penetration testing with Metasploit
  • Attack a remote machine using a group of exploits.
  • No knowledge about Metasploit is assumed as you will go from a beginner to an expert in Metasploit in no time!

Metasploit is a popular penetration testing framework and has one of the largest exploit databases around. It is also called a playground for hackers, where they demonstrate their skill by protecting or damaging the target. So if you wish to carry out elementary penetration testing in highly secured environments, then this course is for you!

With this easy to digest practical guide to Metasploit, you will first learn how to correctly configure Metasploit & how to troubleshoot potential errors, as well as scan the different services to identify vulnerabilities. Then you will learn to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Along with this, learn how hackers use the network to gain access to different systems. Moving on, you will gain deep knowledge about web application security scanning and bypassing anti-virus and clearing traces on the target system post-compromise. Finally, you'll explore how exploits and payloads work together to gain access to systems.

By the end of this course, you will be able to use Metasploit to quickly assess the security structure of systems and networks to reduce risk.

Contents and Overview

This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.

The first course, Beginning Metasploit teaches you the practical implementation of Metasploit. Each section will get you started with Metasploit by enumerating available services, identifying potential weaknesses, and testing vulnerabilities through exploitation. The course will show you how to correctly configure Metasploit and how to troubleshoot potential errors. You will scan the different services to identify vulnerabilities. Finally, you will explore sophisticated, real-world scenarios where performing penetration tests is a challenge.

The second course, Learning Metasploit will begin by introducing you to Metasploit and its functionality. Next, you will learn how to set up and configure Metasploit on various platforms to create a virtual test environment. You will also get your hands on various tools and components used by Metasploit. Further, in the video, you will learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools. Next, you'll get hands-on experience carrying out client-side attacks. Moving on, you'll learn about web application security scanning and bypassing anti-virus and clearing traces on the target system post-compromise. This video will also keep you updated with the latest security techniques and methods that can be directly applied to scan, test, hack, and secure networks and systems with Metasploit. By the end of this course, you'll get the hang of bypassing different defences, after which you'll learn how hackers use the network to gain access to different systems.

The third course, Hands-On Penetration Testing with Metasploit will help you explore several supporting tools on Kali Linux. Next, you'll explore how exploits and payloads work together to gain access to systems. Finally, you'll learn how Metasploit Framework works. By the end of this course, you'll have a better understanding of how to use Metasploit to quickly assess the security posture of systems and networks to reduce the risk of attack.

About the Authors:

  • Alexis Ahmed is an experienced Ethical Hacker and Cyber Security Expert with over 6 years' experience. He also develops Android apps and games in his free time. In addition, he is a Web Developer with over 4 years' experience and he loves creating beautiful and functional websites for clients all over the world. He also has a YouTube channel with over 60,000 subscribers (and more than 2 million views!) where he makes videos on Ethical Hacking, Linux, and programming.

  • Sagar Rahalkar is a seasoned information security professional with more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly in breach detection, cybercrime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a master’s degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years, dealing with digital crime investigations and related training, and has received several awards and appreciation from senior officials of the police and defence organizations in India. Sagar has also been a reviewer and author for various books and online publications.

  • Sunil Gupta is a Certified Ethical Hacker. Currently he teaches 50,000+ students online in 150+ countries. He is a specialist in the Ethical Hacking and Cyber Security areas. Author strengths: Vulnerability Assessment, Penetration Testing, Intrusion Detection, Risk Identification, Data Analysis, Report and Briefing.

Who this course is for:
  • This course is aimed at penetration testers, ethical hackers, or security consultants who want to understand the Metasploit framework and carry out penetration testing in highly secured environments.
Course content
73 lectures 08:20:31
+ Beginning Metasploit
18 lectures 02:27:14

This video will give you an overview of the course.

Preview 06:01

In this video, you will get to know the fundamentals of Metasploit.

  • Understand the fundamentals

Fundamentals of Metasploit

Learn the important MSF console commands.

  • Go through the database commands

  • Understand the Help commands

  • Console and core commands

Metasploit Framework Console Commands

The benefits of using Metasploit.

  • Understand the benefits of using Metasploit for a penetration test

Benefits of Metasploit

In this video, we will be performing a complete penetration test with Metasploit.

  • Perform scanning

  • Understand exploitation

Penetration Testing with Metasploit

Learn how to scan for FTP services.

  • Go through console commands

  • Go through the FTP module

  • Perform scanning

Scanning FTP Services

Learn how to scan for MSSQL services.

  • Go through console commands

  • Understand the MSSQL module

  • Perform scanning

Scanning MS SQL Services

Learn how to scan for HTTP services.

  • Go through console commands

  • Understand the HTTP module

  • Perform scanning

Scanning HTTP Services

Learn how to install Metasploitable2.

  • Download Metasploitable2

  • Install Metasploitable2

  • Log in

Installing Metasploitable2

Learn how to exploit FTP services.

  • Go through console commands

  • Understand exploitation

Exploiting FTP

See how to exploit browsers.

  • Go through console commands

  • Understand the module

  • Understand exploitation

Exploiting Browsers

Learn how to exploit Android devices with Metasploit.

  • Go through console commands

  • Generate payloads

  • Understand exploitation

Exploiting Android

Perform post-exploitation with Meterpreter.

  • Explore the commands

  • Go through directory traversal

Post-Exploitation with Meterpreter

Obtain password hashes.

  • Go through Meterpreter commands

  • Obtain password hashes

Getting Password Hashes

Learn how to perform privilege escalation with Meterpreter.

  • Understand privilege escalation commands

  • Explore the libraries

Privilege Escalation with Meterpreter

Perform information gathering with Nmap and Metasploit.

  • Understand Nmap commands

  • Service fingerprinting

Fingerprinting and Scanning with Nmap

Perform exploitation with Metasploit.

  • Perform module selection


Learn how to spawn a tty shell.

  • Go through Python spawning

  • Understand shell commands

Spawning a tty Shell
Test Your Knowledge
4 questions
+ Learning Metasploit
28 lectures 02:17:18

This video gives an overview of the entire course.

Preview 06:30

Metasploit is essentially a robust and versatile penetration testing framework. It can literally perform all tasks that are involved in a penetration testing life cycle. Also, since it's a complete framework and not just an application, it can be customized and extended as per our requirements.

  • Understand Metasploit

  • See phases of penetration testing life cycle

Exploring Metasploit

Metasploit can be made even more useful if integrated with some other tools. A few tools complement Metasploit's capability to perform more precise penetration on the target system.

  • Look at Nessus

  • See Nmap

  • Explore Armitage

Effective and Powerful Supplementary Tools

Kali Linux requires no installation. Metasploit comes pre-installed with the Kali Virtual machine. All the supporting tools also come pre-installed with the Kali Virtual Machine. Save time and effort in setting up Metasploit and other supporting tools individually.

  • Download the Kali Linux virtual machine

  • Extract it from zip file

  • Open the terminal and type msfconsole

Using the Kali Linux Virtual Machine

Metasploit Framework can be easily installed on a Windows based operating system. However, Windows is usually not the platform of choice for deploying Metasploit Framework, the reason being, that many of the supporting tools and utilities are not available for Windows platform. Hence it's strongly recommended to install the Metasploit Framework on Linux platform.

  • Download the latest Metasploit Windows installer

  • Type msfconsole and hit Enter

  • Open a terminal window and type


Metasploit is a powerful penetration testing framework which, if not used in a controlled manner, can cause potential damage to the target system. For the sake of learning and practicing Metasploit, we can certainly not use it on any live production system for which we don't have any authorized permission.

  • Extract Metasploitable virtual machine from the zip file to any location

  • Select the amount of memory allocated to the Virtual machine

  • Select the view tab and choose full screen mode

Setting Up Exploitable Targets in a Virtual Environment

The best way to learn the structure of Metasploit is to browse through its directory. When using a Kali Linux. The Metasploit Framework has a very clear and well-defined structure, and the tools/utilities within the framework are organized based on their relevance in various phases of the penetration testing life cycle. The Metasploit Framework has various component categories based on their role in the penetration testing phases.

  • Look at the anatomy of Metasploit

  • Explore Auxiliaries

  • See Exploits

Structure and Components of Metasploit

The msfconsole is nothing but a simple command-line interface of the Metasploit Framework. Though msfconsole may appear a bit complex initially, it is the easiest and most flexible way to interact with the Metasploit Framework.

  • Look at the banner command

  • See version command

  • Explore route command

Playing Around with msfconsole

For most exploits that we use within the Metasploit Framework, we need to set values for some of the variables. The Metasploit Framework is commercially backed by Rapid7 and has a very active development community.

  • Look at the get command

  • Understand getg command

  • Explore msfupdate utility

Variables and Updating the Metasploit

In this section, we'll explore various auxiliary modules within the Metasploit Framework that can be effectively used for information gathering and enumeration of various protocols such as TCP, UDP, FTP, SMB, SMTP, HTTP, SSH, DNS, and RDP. For each of these protocols, you will learn multiple auxiliary modules along with the necessary variable configurations.

  • Use its auxiliary module for various protocols

  • Set the parameters

  • Run the command

Information Gathering and Enumeration

Password sniffing is a special type of auxiliary module that listens on the network interface and looks for passwords sent over various protocols such as FTP, IMAP, POP3, and SMB. Shodan is an advanced search engine that is used to search for internet connected devices such as webcams and SCADA systems.

  • Use its auxiliary module

  • Run the module

  • Type username and password

Advance Features in Metasploit

NMAP, an acronym for Network Mapper, is an extremely advanced tool that can be used for the following purposes: Host discovery, Service detection, Version enumeration, Vulnerability scanning, Firewall testing and evasion.

  • Look at the switches and its purposes

  • Scan with Metasploit

  • Import Nmap


While performing such tasks, a lot of data is generated in some form or the other. From the framework perspective, it is essential to store all data safely so that it can be reused efficiently whenever required. By default, the Metasploit Framework uses PostgreSQL database at the backend to store and retrieve all the required information.

  • Look at the usage of the workspace

  • Import scans

  • Execute hosts and services commands

Managing the Database

Nessus is a popular vulnerability assessment tool. Now, there are two alternatives of using Nessus with Metasploit, as follows: Perform a Nessus scan on the target system, save the report, and then import it into the Metasploit Framework using the db_import command.

The other is to load, initiate, and trigger a Nessus scan on the target system directly through msfconsole.

  • Scan using Nessus from msfconsole

  • Launch the scan

  • Get list of hosts from a report


Previously, we used the MS08_067 netapi vulnerability in our target system and got complete administrator-level access to the system. Now, the exploit was successful only because the attacker's system and the target system were both on the same network. What if the attacker’s system and the victim’s system were on different networks?

  • Learn how to exploit the target system

Need of Client-Side Attacks

Earlier, the Metasploit Framework offered two different utilities, namely, msfpayload and msfencode. The msfpayload was used to generate a payload in a specified format and the msfencode was used to encode and obfuscate the payload using various algorithms. However, the newer and the latest version of the Metasploit Framework has combined both of these utilities into a single utility called msfvenom.

  • Explore various lists

  • Set up the listener

  • Look at the VBA

The msfvenom Utility

Social engineering is an art of manipulating human behavior in order to bypass the security controls of the target system. Let's take the example of an organization, which follows very stringent security practices. All the systems are hardened and patched. The latest security software is deployed. Technically, it's very difficult for an attacker to find and exploit any vulnerability. However, the attacker somehow manages to befriend the network administrator of that organization and then tricks him to reveal the admin credentials. This is a classic example where humans are always the weakest link in the security chain.

  • Generate malicious PDF

  • Infect the media drives

Social Engineering with Metasploit

We need to set up a test application environment in which we can fire our tests. As we know, Metasploitable2 is a Linux distribution that is deliberately made vulnerable. It also contains web applications that are intentionally made vulnerable, and we can leverage this to practice using Metasploit's web scanning modules.

  • Configure the IP

  • Access it remotely from any web browser

Setting Up a Vulnerable Application

WMAP is a powerful web application vulnerability scanner available in Kali Linux. It is integrated into the Metasploit Framework in the form of a plugin.

  • Load and initiate the WMAP in Metasploit Framework

  • Create new site for our scan

  • Add target URL to be scanned

Web Application Scanning Using WMAP

We'll explore some additional auxiliary modules that can be effectively used for enumeration and scanning web applications.

  • Look at the Cert

  • See http_version module

Metasploit Auxiliaries for Web Application Enumeration and Scanning

We have already seen how to use the msfvenom utility to generate various payloads. However, these payloads if used as-is are most likely to be detected by antivirus programs. In order to avoid antivirus detection of our payload, we need to use encoders offered by the msfvenom utility.

  • Use Shikata_ga_nai encoder

  • Explore opt_sub encoder

  • Execute 7-zip compression utility

Using Encoders to Avoid AV Detection

The forensic tools and techniques are well developed and matured to search, analyze, and preserve any digital evidence in case of a breach/fraud or an incident.

  • Explore timestomp

  • Execute clearev


Armitage is nothing but a GUI tool for performing and managing all the tasks that otherwise could have been performed through msfconsole. Armitage helps visualize the targets, automatically recommends suitable exploits, and exposes the advanced post-exploitation features in the framework.

  • Explore Armitage

  • Start the Armitage console

Armitage Console

Now that we have added a target host to the Armitage console, we'll perform a quick port scan to see which ports are open here.

  • Perform the port scan

  • Perform NMAP scan

Scanning and Enumeration

Previously, we added a host to the Armitage console and performed a port scan and enumeration on it using NMAP. Now, we know that it's running a Debian-based Linux system. The next step is to find all possible attacks matching our target host.

  • Select the Attacks menu and click on find Attacks

  • See the list of applicable exploits by right-clicking on the host

  • Select the attack type as PostgreSQL for Linux Payload Execution

Find and Launch Attacks

Exploits can be of many different types. They can be classified based on various parameters such as platforms, architecture, and purpose served. Whenever any given vulnerability is discovered.

  • Learn about buffer overflow

  • Explore fuzzers

Exploit Development Concepts

Let's consider that you have written an exploit code for a new zero-day vulnerability. Now, to include the exploit code officially into the Metasploit Framework, it has to be in a particular format. Fortunately, you just need to concentrate on the actual exploit code, and then simply use a template to insert it in the required format.

  • Understand exploit module skeleton

  • Look at Metasploit mixins in detail

Exploit Templates and Mixins

New vulnerabilities across various applications and products are found on a daily basis. For most newly found vulnerabilities, an exploit code is also made public. Now, the exploit code is quite often in a raw format and not readily usable. Also, it might take some time before the exploit is officially made available as a module within the Metasploit Framework. However, we can manually add an external exploit module in the Metasploit Framework and use it like any other existing exploit module.

  • Download the MS17-010 module

  • Start msfconsole and issue a reload_all command

  • Use the use exploit command

Adding External Exploits to Metasploit
Test Your Knowledge
5 questions
+ Hands-On Penetration Testing with Metasploit
27 lectures 03:35:59

This video provides an overview of the entire course.

Preview 01:57

In this video, we will learn the basics of Metasploit.

  • Explore the Metasploit framework

  • Learn the Metasploit architecture

  • Explanation of Metasploit components

Metasploit Framework Overview

Get an understanding of various commands.

  • Explore Msfconsole to initialize Metasploit

  • Learn about Msfcli to add exploits

  • Explore Msfencode for encoding techniques

MSFconsole, MSFcli, and MSFencode

This video will help you learn about Exploit and Auxiliary.

  • Explore information about Exploit

  • Learn about Auxiliary

  • Explanation of terminologies

Exploit and Auxiliary

This video aims to go through the installation process of VMware.

  • Learn about VMware

  • Download VMware

  • Install VMware

Installation of Virtual Machine

In this video, we will try to understand what linear and logistic regression are and the basic building blocks of neural networks with

  • Learn about the Kali Linux OS.

  • Download Kali Linux

  • Install Kali Linux

Installation of Kali Linux

This video will help you download and install Windows.

  • Learn about the Windows OS.

  • Download Windows

  • Install Windows

Installation of Windows10

In this video, you will learn information gathering.

  • Explore the web information gathering technique

  • Learn the network information gathering technique

Information Gathering

This video will help you learn about port scanning.

  • Explore listing port scanning profiles

  • Explanation about scanning profiles

Port Scanning Techniques

In this video, you will learn port scanning using Nmap.

  • Learn about the Nmap tool

  • Explore Nmap commands

  • An explanation of Nmap tools

Port Scanning with Nmap

In this video, you will learn various Metasploit scanner scripts.

  • Learn about Metasploit port scanners

  • Explore the use of port scanners

  • Perform port scanning

Metasploit Port Scanners

In this video, you will learn about vulnerability scanning.

  • Explore vulnerability scanning

  • Learn about vulnerability scanning phases

  • Explanation of the vulnerability scanning process

Vulnerability Scanning

This video focuses on the installation of Nessus.

  • Learn about Nessus

  • Download Nessus

  • Install Nessus

Nessus Installation

In this video, you will learn to use Nessus in Metasploit.

  • Connect Metasploit with Nessus

  • Explore various Nessus commands

  • Report creation

Using Nessus by Writing Metasploit

This video will cover web scanning.

  • Learn about web scanning

  • Use of Wmap commands

  • Explanation of commands

Scanning a Website for Vulnerabilities

This video will help you learn about Router Pentesting.

  • Overview of Router Pentesting

  • Learn from a scenario

  • Explanation

Exploitation Overview

In this video, you will learn about exploiting Windows.

  • About Windows exploitation

  • Transfer malicious payload

  • Get a meterpreter session

Windows Exploitation

This video will help you learn about web exploitation.

  • About web exploitation

  • sqlmap tool commands

  • Explanation of sqlmap commands

Website Exploitation

In this video, you will learn about network exploitation.

  • Explore network exploitation

  • Set up FTP

  • Perform brute-force using the Hydra tool

Network Exploitation

This video will help you learn about post-exploitation.

  • Explore post-exploitation

Post-Exploitation – Overview

In this video, you will learn about Meterpreter commands.

  • Explore a Meterpreter session

  • Learn various Meterpreter commands

  • Explanation of Meterpreter commands


In this video, you will learn about Meterpreter scripts.

  • Explore Meterpreter scripts

  • Make use of Meterpreter scripts

  • Explanation of various scripts

Meterpreter Scripts

In this video, you will learn to perform privilege escalation.

  • Explore privilege escalation

  • Perform it using UAC exploit

  • Explanation of various commands

Bypassing UAC

In this video, you will learn to perform client-side attacks.

  • Explore client-side attacks

  • Installation of the framework

  • Exploit the target system

Client-Side Attack – Overview

In this video, you will learn to encode a payload.

  • Explore MSFencode

  • Encode the payload

  • Perform exploitation

MSFencode Attack

In this video, you will learn about social engineering.

  • Get an overview of social engineering attacks

  • SET tool overview

  • Explanation of social engineering attacks

Social Engineering

In this video, you will learn to perform social engineering using SET.

  • Get an overview of the social engineering toolkit

  • Generate a payload

  • Perform exploitation

Social Engineering Toolkit
Test Your Knowledge
4 questions