I am sure anyone who does penetration testing or is active in the security field knows what Metasploit is and what it does. However, the initial learning curve for Metasploit can be daunting for security newbies who are interested in penetration testing but have no idea where to start.
Armitage is a graphical front end for the Metasploit framework. Its main feature is to map each stage of penetration testing (information gathering, exploitation, and post-exploitation) onto a few clicks.
[Figures: Launching Armitage in BackTrack 5 R2; Launching Armitage in BackTrack; Starting Metasploit RPC Server]
2. Information Gathering
Information gathering is the most important component of any penetration test. Without the necessary information, there is no way to carry out an efficient penetration test. Armitage provides features for information enumeration by leveraging nmap and the Metasploit scanning modules. The three main scanning features are nmap, msfscan and DNS enumeration.
msfscan is a bundle of Metasploit auxiliary scanning modules. The scan runs regardless of whether the target host is up. Therefore, for a more efficient scan, it is better to first run an ARP scan or ping discovery using nmap before using msfscan.
Results returned from any scan in Armitage are stored in its database. It is very useful to review this information in the later stages of a penetration test. Armitage also allows importing scan results from other tools such as Nessus or nmap into its database, giving users the flexibility to include results from other tools.
[Figures: List of Scans; nmap Scan Results]
Armitage has turned the exploitation process into a clicking game. By selecting "Find Attacks", Armitage shortlists exploits based on the information gathered in the previous phase.
Users can then launch the respective exploit by clicking "Launch". All information required by the Metasploit framework is filled in by Armitage automatically. However, the default settings provided by Armitage are not always sufficient.
Once an exploit is successful, the graphical representation of the target host will turn red.
One function I find very interesting is "Hail Mary". It allows users to launch all exploits shortlisted by Armitage.
[Figures: Find Exploits Applicable to the Host; List of Applicable Exploits; Options for Launching an Exploit; Target Host Exploited Successfully]
4. Post Exploitation
The best part of Armitage is the ability to run all the post-exploitation processes with just a few clicks.
The available features are:
There are additional post-exploitation modules available in the left panel. Command-line fanatics can choose to interact with the session directly and work their magic.
[Figures: Post Exploitation Options; View Items Stored in Armitage Database; ARP Scan through Exploited Host; Attack Pivot Route; Executing "Hail Mary" on Newly Discovered Hosts; Post Exploitation Modules]