Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Armitage - Metasploit Made Easy

9 Aug 2012

1. Introduction

I am sure anyone who does penetration testing or is active in the security field knows what Metasploit is, and what it does. However the initial learning curve for Metasploit may be daunting for security newbies who are interested in penetration testing but have no idea where to start.


Armitage is an advanced graphical representation of the Metasploit framework. Its main feature is to map each stages of penetration testing - information gathering, exploitation, and post exploitation into a few clicks.


Launching  Armitage in Backtrack 5 r2


Launching Armitage in BackTrack

Starting Metasploit RPC Server

Armitage Overview


2. Information Gathering

Information gathering is the most important component for any penetration testing. Without the necessary information, there is no way to carry on an efficient penetration test. Armitage provides features for information enumeration by leveraging on nmap and other Metasploit scanning module. The three main scanning features are nmap, msfscan and DNS enumeration.


msfscan is a bundle of Metasploit Auxiliary Scanning The scan will run regardless of the availability of the target host. Therefore, for a more efficient scan, it would be better to first run a ARP scan or ping discovery using nmap before using msfscan.


Results returned from any scan in Armitage will be stored in its database. It will be very useful to review these information in other stages of a penetration test. Armitage also allows importing scan results from other tools such as Nessus or nmap into its database; giving users the flexibility to include results from other tools.

List of Scans

 nmap Scan Results


3. Exploitation

Armitage has made the exploitation process a clicking game. By selecting "Find Attack", Armitage will shortlist exploits based on the information gathered from the previous phase.


Users can then launch the respective exploit by clicking on "Launch". All information required by the Metasploit framework will be filled in by Armitage automatically. However, the default settings provided by Armitage might not be sufficient all the time.


Once an exploit is successful, the graphical representation of the target host will turn red.


One interesting function I'd find very interesting is "Hail Mary". It allow users to to launch all exploits shortlisted by Armitage.

Find Exploitation Applicable to the Host

List of Applicable Exploits 

Options for Launching an Exploit

Target Host Exploited Successfully


4. Post Exploitation

The best part of Armitage is the ability to run all the post-exploitation processes with just a few clicks.


The list of features available are:

  • Dump hash

  • Privilege escalation

  • Exploring the file system

  • Setup Pivot attack


There are additional post exploitation modules available on the left panel. For command line fanatic, you can choose to interact with the session and do your magic. 

Post Exploitation Options

View Items Stored in Armitage Database 

Dumped Hashes

ARP Scan through Exploited Host

Attack Pivot Route

Executing "Hail Mary" on Newly Discovered Hosts

Post Exploitation Modules

Share on Facebook
Share on Twitter
Please reload


September 5, 2017

Please reload

Please reload

RSS Feed