Make Metasploit Easy With Armitage
Metasploit's a complex project, but it's an essential penetration testing tool. Learn to tame its power with Armitage, a GUI for Metasploit.
The Metasploit framework is a hugely powerful open source security tool for penetration testing, and one which has won fans all over the world. But if there is one criticism of Metasploit, it's that it is not that easy to use, especially for those who want something powerful, simple and free to carry out an occasional test on the security of their own network.
But that's all changed thanks to Armitage, a free "graphical cyber attack management tool for Metasploit" that allows you to visualize your network and access the many features and functions of the Metasploit framework from a simple point and click graphical interface. Whether you already use Metasploit or you have put off trying it because of its complexity, there's no doubt that it's worth installing Armitage and giving it a spin.
Armitage works with the Linux or Windows versions of Metasploit, and for the purposes of this tutorial we'll be concentrating on the Windows version. (If you are a Linux user, you can download a Linux Armitage tarball from http://www.fastandeasyhacking.com/download)
First off you'll need:
- the Metasploit framework itself, version 3.5 or higher
- the latest Oracle Java SE
- and Armitage itself
Next, you'll need to set things up:
- Install Metasploit (to C:framework) then run the Metasploit Update applet (from the Metasploit Framework program group in your start menu)
- Unzip the downloaded Armitage zip file into C:framework. To make life easier, add a desktop shortcut to C:frameworkarmitage.bat on your desktop. (You can change the default Windows icon to the Armitage one you'll find in the Icons folder in C:framework)
- At this point it's a good idea to reboot your system to avoid any problems in the following steps.
Getting Armitage up and running
- Start Metasploit by clicking on the Metasploit Console icon in your Metasploit Framework program group.
- When it's running, load the Metasploit RPC daemon by typing:
and make a note of the XMLRPC password that is displayed - you'll need it in the next step.
- Start Armitage by double clicking on your desktop shortcut, and overwrite the text in the Pass box with the password (from the previous step.) Then click connect.
The Armitage user interface should now appear:
The Armitage UI is divided into three sections. The top left pane shows a list of Metasploit exploits and modules that you might want to use. The bottom panel provides a window onto what is going on behind the scenes in Armitage, and provides a place to enter commands directly into Metasploit.
The most useful panel is the Targets panel in the top right, which will initially be empty. It's here that you'll find a graphical display of any hosts you discover on the network you are testing, and from here that you'll launch many attacks.