In the first chapter where we discussed about the Metasploit framework basics, we stated that it has a modular architecture. This means that all the exploits, payloads, encoders, and so on are present in the form of modules. Modular architecture makes it easier to extend the functionality of the framework. Any programmer can develop his/her own module and port it easily into the framework. A complete penetration testing process can include several modules in operation. For example, we start with an exploitation module, then we use a payload module, then we can use several post exploitation modules once the target has been compromised. At last, we can also use different modules to connect to the database and store our findings and results. Even though modules are not very much talked about while working with Metasploit, they form the crux of the framework, so it is essential to have a deep understanding of it.

In this chapter, we will particularly focus on the pentest/exploits...