rapid7/metasploit-framework

Metasploit Framework is a widely used open-source security testing platform that helps security professionals and researchers discover, validate, and exploit vulnerabilities in computer systems. The problem it solves is that manually probing a network or application for security weaknesses is slow, error-prone, and requires deep expertise for each type of vulnerability. Metasploit provides a structured library of pre-built attack modules, covering exploits, payloads, auxiliary scanners, and post-exploitation tools, so security teams can test their own systems systematically rather than starting from scratch every time. How it works: the framework is organized around the concept of modules. An exploit module takes advantage of a specific software vulnerability; a payload module defines what happens after a successful exploit (for example, opening a remote shell on the target machine); and auxiliary modules handle tasks like port scanning and credential testing that don't involve a full exploit. These modules are combined and launched through msfconsole, a command-line interface that lets you configure targets, choose modules, and run tests interactively. The framework stores results and maintains session state so you can continue interacting with a compromised host in a controlled, logged environment. You would use Metasploit during a penetration test, an authorized assessment where a company hires security professionals to attempt to break into their own systems and report findings before a real attacker does. It is also used in security research, CTF (Capture the Flag) competitions, and vulnerability disclosure workflows. Because Metasploit has legitimate and illegitimate uses, it should only ever be run against systems you own or have explicit written permission to test. The tech stack is Ruby, running on Linux or macOS (pre-installed on Kali Linux, a security-focused operating system). Modules can be written in Ruby by contributors following the provided API.