Glossary

Auxiliary Module

An auxiliary module does not execute a payload and performs arbitrary actions that may not be related to exploitation. Examples of auxiliary modules include scanners, fuzzers, and denial of service attacks.

Bind Shell Payload

A bind shell attaches a listener on the exploited system and waits for the attacking machine to connect to the listener.

Campaign

A campaign is a logical grouping of components that you need to perform a social engineering attack. A campaign can contain only one email component, but can have multiple web pages or portable files.

Click Tracking

Click tracking is a method of client-side testing that tracks the number of human targets that click on a link. The web page tracks the number of visits and helps an organization identify how susceptible its members are to social engineering attacks.

Database

The database stores host data, system logs, collected evidence, and report data.

Discovery Scan

A discovery scan is a Metasploit scan that combines Nmap and several Metasploit modules to enumerate and fingerprint targets.

Email Template

An email template contains predefined HTML content that you can insert into an email.

Exploit

An exploit is a program that takes advantage of a specific vulnerability and provides an attacker with access to the target system. An exploit typically carries a payload and delivers it to a target. For example, one of the most common exploits is windows/smb/ms08_067_netapi, which targets a Windows Server Service vulnerability that could allow remote code execution.

Exploit Module

An exploit module executes a sequence of commands to target a specific vulnerability found in a system or application. An exploit module takes advantage of a vulnerability to provide access to the target system. Exploit modules include buffer overflow, code injection, and web application exploits.

Executable

An executable is a file that automatically runs when a human target opens it. The executable runs a payload that creates a connection from the exploited machine back to the attacking machine.

File Format Exploit

A file format exploit targets a vulnerability in a specific application, such as Microsoft Word or Adobe PDF.

Human Target

A human target is the person who receives the social engineering attack or is part of a campaign.

Listener

A listener waits for an incoming connection from either the exploited target or the attacking machine and manages the connection when it receives it.

Meterpreter

Meterpreter is an advanced multi-function payload that provides you with an interactive shell. From the Meterpreter shell, you can do things like download a file, obtain the password hashes for user accounts, and pivot into other networks. Meterpreter runs in memory, so it is undetectable by most intrusion detection systems.

Module

Most of the tasks that you perform in Metasploit require the use of a module, which is a standalone piece of code that extends the functionality of the Metasploit Framework. A module can be an exploit, auxiliary or post-exploitation module. The module type determines its purpose. For example, any module that can open a shell on a target is considered an exploit module. A popular exploit module is MS08-067.

Payload

A payload is the shellcode that runs after an exploit successfully compromises a system. The payload enables you to define how you want to connect to the shell and what you want to do to the target system after you take control of it. A payload can open a Meterpreter or command shell. Meterpreter is an advanced payload that allows you to write DLL files to dynamically create new features as you need them. A payload can be a reverse shell payload or a bind shell payload. The major difference between these payloads is the direction of the connection after the exploit occurs.

Phishing Attack

A phishing attack is a form of social engineering that attempts to acquire sensitive information, such as usernames, passwords, and credit card information, from a human target. During a phishing attack, a human target receives a bogus email disguised as an authentic email from a trusted source, like the bank. Generally, the email contains a link that opens a fake web page that looks nearly identical to the official site. The style, logo, and other images may appear exactly as they are on the real website.

Portable File

A portable file is a generated executable file that you can attach to an email or save to a USB key. When the victim opens the file, the executable runs the payload, starts a session on the victim’s machine, and connects back to your machine.

Project

All work in Metasploit Pro must be done inside of a project. A project is a container for the targets, tasks, reports, and data that are part of a penetration test. A project contains the workspace that you use to create a penetration test and configure tasks. Every penetration test runs from within a project.

Post-Exploitation Module

A post-exploitation module enables you to gather more information or to gain further access to an exploited target system. Examples of post-exploitation modules include hash dumps and application and service enumerators.

Resource File

A resource file refers to a web page template, email template, or target list. It is a reusable file that you can use in a campaign. Each project has its own set of resource files. The resource files are not shareable between projects.

Reverse Shell Payload

A reverse shell connects back to the attacking machine as a command prompt.

Shell

A shell is a console-like interface that provides you with access to a remote target.

Shellcode

Shellcode is the set of instructions that an exploit uses as the payload.

Target List

A target list defines the targets that you want to include in the social engineering campaign. You use the target list to specify the recipients to whom you want to email the social engineering attack.

Task

A task is an action that Metasploit Pro can perform. Examples of tasks include performing a scan, running a bruteforce attack, exploiting a vulnerable target, or generating a report.

Tracking GIF

A tracking GIF sets a browser cookie when a human target opens an email.

Tracking Link

A tracking link consists of a URL path to a web page and a tracking string. When a target clicks on the URL, the system sets a cookie to track the visit and any subsequent visits.

Tracking String

A tracking string is a 64-bit string that encodes the target and email IDs. Campaigns use tracking strings to monitor the activity of a target.

Vulnerability

A vulnerability is a security hole in a piece of software, hardware, or an operating system that provides a potential angle to attack the system. A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities. A compromised system can result in privilege escalation, denial-of-service, unauthorized data access, stolen passwords, and buffer overflows.

Visit

A visit occurs when a target clicks on a link and opens the web page.

Web Template

A web template contains predefined HTML content that you can insert into a web page.

Workspace

A workspace is the same thing as a project, except it's only used when referring to the Metasploit Framework.