rapid7/metasploit-framework

Stars
31,198
Rank 512 (Top 0.02 %)
Language
Ruby
License
Other
Created over 12 years ago
Updated 7 months ago

rapid7/metasploit-framework

rapid7

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Metasploit Framework

Metasploit

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

You can find documentation on Metasploit and how to use it at: https://docs.metasploit.com/

Information about setting up a development environment can be found at: https://docs.metasploit.com/docs/development/get-started/setting-up-a-metasploit-development-environment.html

Our bug and feature request tracker can be found at: https://github.com/rapid7/metasploit-framework/issues

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://docs.metasploit.com/api/

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading the basics of using Metasploit or Metasploit Unleashed.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.

metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

metasploit-payloads

Unified repository for different Metasploit Framework payloads

hackazon

A modern vulnerable web app

ssh-badkeys

A collection of static SSH keys (public and private) that have made their way into software and hardware products.

IoTSeeker

Created by Jin Qian via the GitHub Connector

recog

Pattern recognition for hosts, services, and content

metasploit-vulnerability-emulator

Created by Jin Qian via the GitHub Connector

mettle

This is an implementation of a native-code Meterpreter, designed for portability, embeddability, and low resource utilization.

meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

sonar

metasploit-omnibus

Packaging metasploit-framework with omnibus

warvox

dap

Data Analysis Pipeline

nexpose-client

DEPRECATED: Rapid7 Nexpose API client library written in Ruby

embedded-tools

awsaml

Awsaml is an application for providing automatically rotated temporary AWS credentials.

myBFF

myBFF - a Brute Force Framework

docker-logentries

Forward all your Docker logs to logentries, like a breeze

le_node

Node module for logentries.com

jsobfu

Obfuscate JavaScript (beyond repair) with Ruby

metasploit-javapayload

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

ruby_smb

A native Ruby implementation of the SMB Protocol Family

vm-console-client-python

the UNOFFICIAL (but useful) Python library for the Rapid7 InsightVM/Nexpose RESTful API

le_js

Client-side JavaScript logging library for Logentries

vm-automation

Created to simplify interactions with virtual machines

insightconnect-plugins

Plugin source code for the InsightConnect SOAR product, developer documentation at https://docs.rapid7.com/insightconnect/getting-started

conqueso

Centrally and dynamically change configuration values of your services!

smbj-rpc

Created by Paul Miseiko via the GitHub Connector

metasploit_data_models

MSF database code, gemified

rex-powershell

Rex library for dealing with Powershell Scripts

DLLHijackAuditKit

This toolkit detects applications vulnerable to DLL hijacking (released in 2010)

metasploit-aggregator

Created by Jeffrey Martin via the GitHub Connector

go-get-proxied

Cross platform retrieval of system proxy configurations

insightvm-sql-queries

InsightVM helpful SQL queries

rex

Rex provides a variety of classes useful for security testing and exploit development.

le_ruby

Ruby logging support for logentries.com

data

convection

A fully generic, modular DSL for AWS CloudFormation

github-connector

The GitHub Active Directory Connector allows managing GitHub organizations with Active Directory.

krip

Dead simple encryption, using WebCrypto under the hood

le_dotnet

.NET support for Logentries

le_java

Direct logging support for Java language

metasploit-credential

Code for modeling and managing credentials in Metasploit, implemented as a Rails Engine

re2-java

vaccination

metasploit-baseline-builder

Created by Jeffrey Martin via the GitHub Connector

nexpose-client-python

DEPRECATED : Rapid7 Nexpose API client library written in Python

nexpose-resources

Scripts, SQL queries, and other resources for Nexpose

metabot

Use security tools from within IRC.

pdf-renderer

Golang based app that will render an html page and create a pdf.

lecli

Seamlessly view recent events, run queries and manage your account from the command line

msfrpc-client

Rapid7 Metasploit API client library written in Ruby

propsd

Dynamic property management at scale

builderator

Tools to make CI Packer builds awesome

sonar-client

savery

tabtalk

Secure, encrypted cross-tab communication in the browser

le_chef

Websploit-Tests

A place for scripts that describe web exploits to live so they can be used in testing

rex-text

Rex library for text generation and manipulation

rex-exploitation

Rex library for various exploitation helpers

godap

The Data Analysis Pipeline

memorandom

dogwatch

A Ruby DSL to create DataDog monitors.

akheron-proxy

UART proxy tool for inter-chip analysis.

metakitty

Metakitty, The Metasploit Resource Portal

guardian

A lightweight authentication proxy for HTTP services

le_community_packs

Logentries Community Packs

le_lambda

FullAutoOSINT

fastlib

FastLib provides a "jar-like" format for Ruby libraries, with specific features for the Metasploit Framework

react-prefixer

nexpose_java_api

DEPRECATED : A library used to connect to the Nexpose API

raptor-io

The eventual successor to the networking/IO functionalities of Metasploit's REX library

geppetto

Geppetto - Virtual machine and infrastructure orchestration

presales-engineering

marionette.carpenter

A thing that makes tables

docker-image-analyzer

docker image analyzer

tokend

A Node.js daemon that interfaces with Vault and Warden to provide a secure method to deliver secrets to servers in the cloud.

rex-socket

The Rex Socket Abstraction Library

psych_shield

PsychShield provides a filtering mechanism for YAML.load when using the Psych parser

appspider-pentestkit

Created by Denis Podgurskiy via the GitHub Connector

rex-bin_tools

Created by David Maloney via the GitHub Connector

metasploit-vagrant-builders

Build tools to generate vagrant images used by metasploit-framework CI

javascript-style-guide

vm-console-client-ruby

The UNOFFICIAL (but useful) Ruby gem for the Rapid7 InsightVM/Nexpose RESTful API

insightcloudsec-actions

insightvm-api-examples

Created by Ivan Quintanilla via the GitHub Connector

network_interface

attackerkb

Repo for creating-and-tracking issues related to AttackerKB

metasploit-model

Common code, such as validators and mixins, that are shared between ActiveModels in metasploit-framework and ActiveRecords in metasploit_data_models

jenkinsci-appspider-plugin

Jenkins plugin that calls the AppSpider API

insightappsec-azure-devops-extension

Rapid7 InsightAppSec Extension for Azure DevOps

recog-java

armor

acs

Automatic Ciphertext Service

r7insight_node

node logging support for InsightOps

r7insight_js

Client-side JavaScript logging library for InsightOps

conqueso-client-java

Connect your Java services to Conqueso

insightappsec-api-examples

Project intended to provide guides for InsightAppSec API examples and use cases