Hands-On Web Penetration Testing with Metasploit
上QQ阅读APP看书,第一时间看更新

Loading plugins in MSF

Plugins are an extended feature in Metasploit Framework. They are used to expand the reach of MSF by utilizing the flexibility of the Ruby language. This allows the plugin to do virtually anything, from building new automation capabilities to providing packet-level content filtering to bypass IDSes/IPSes. Plugins can also be used to integrate third-party software such as Nessus, OpenVAS, and Sqlmap into the framework. Follow these steps:

  1. To load a plugin, you need to use the load command:

  1. By default, Metasploit comes with some built-in plugins. These can be found by pressing the Tab button twice after using the load command:


Note: All the available built-in plugins can be found here: https://github.com/rapid7/metasploit-framework/tree/master/plugins
  1. Let's load the OPENVAS plugin by executing the load openvas command in the console. This plugin will be covered in later chapters:

  1. Once the plugin has been loaded successfully, you can execute the help command in the console and look for "OpenVAS Commands" to see all the supported commands for this specific plugin:


You can load custom plugins by copying the .rb plugin files in the <MSF_INSTALL_DIR>/plugins/ directory and executing the load command with the plugin name.