2. WHAT IS PEN
TEST?
1. Practice of testing a computer system,
network .
OR
2. Web application to find vulnerabilities
that an attacker could exploit.
OR
3. A pen test can also be used to test an
organization's security policy , the
organization's ability to identify and
respond to security incidents.
OR
4. Penetration tests are sometimes
called white hat attacks because in a
pen test, the good guys are
attempting to break in.
5. ARCHITECTURE
REX LIBRARY - Collection of classes and
modules that may be useful to more than one
project.
MSF CORE - Interfaces that allow for
interacting with exploit modules,
sessions, and plugins.
MSF BASE - Simpler wrapper routines
,utility classes for dealing with
different aspects of the framework.
UI – msfconsole , Armitage which
makes penetration testing easy by
adding a GUI to
the Metasploit framework.
6. METASPLOIT FRAMEWORK
Exploit
Exploit is the means by which an attacker takes
advantage of a flaw or vulnerability in a network,
application, or service.
Payload
A payload is the program or code that is delivered to
the victim system.
Shell code
This is a set of instructions used as a payload when
the exploitation occurs. Shell code is typically written
in assembly language, but not necessarily always
Module
A module is a piece of software that can be used by
the Metasploit Framework.
Listener
This is that component that listens for the connection
from the hacker's system to the target system. The
listener simply handles the connection between these
systems.