Differentiate Metasploit Framework Attacks From Others

Abstract

Metasploit Framework is a very popular collection of penetration testing tools. From auxiliaries such as network scanners and mappers to exploits and payloads, Metasploit Framework offers a plethora of tools to implement all the stages of a penetration test. There are two versions: a free open-source community version and a commercial professional version called Metasploit Pro. The free version, Metasploit Framework, is heavily used by cyber criminals to carry out illegal activities and gain unauthorized access to targets. In this paper, I conduct experiments in a virtual environment to discover whether attacks originating from Metasploit Framework are marked with unique patterns and features, so that these special characteristics can help identify and block Metasploit Framework attacks. Inside this virtual environment, I will set up two virtual machines: one attacker and one victim. The victim machine is designed to have vulnerabilities for penetration testing. The attacker virtual machine will attack the victim machine by using Metasploit Framework. Wireshark will be used to capture and analyze the packets. The conclusion reached from the experiment results is that, even though the attacks from Metasploit Framework share certain common patterns, these characteristics are not significant enough to be used to create scanners or alerts that keep victim machines immune from the attacks. The Metasploit Framework attacks keep evolving, and it is still a very lofty goal to block cyber attacks from Metasploit Framework. This paper shares the experiment process, data and insight with readers.
