viewers, Carl, has asked me to talk about Metasploit, which is a topic I am not that familiar with. I have played around with it a little bit, but I figure I'll give my insights and what I thought of it and things I like about it and things I don't like about it. Metasploit is a program that basically has a large database of vulnerability attacks, so you can use it very easily to test systems that you may have. Now, commonly it's already pre-installed on what's called Kali Linux, previously known as BackTrack. It's a cool distribution of Linux, has a cool-looking logo with a dragon, and is currently, since they switched to Kali, Debian-based, which is a good thing because now I guess they're going to start trying to move things upstream into the Debian repositories from my understanding. Let me talk a little bit about what it does. Basically, you can go into it and you can say, okay, I have a machine that's a Windows XP Service Pack 2 running these services, and it can give you basically some exploits, things, programs you can send to people that would open up a vulnerability on their system. Sometimes it can just attack that machine and look for vulnerabilities, and then other times it can set up servers that you send someone a link to a website and it tries to use an exploit on their web browser and stuff like that. Basically, once a vulnerability is found for all operating systems, it's not just to attack Windows machines. In most cases it's added to this database, and then you can use that database with Metasploit to attack these services. It's great to have all that in one place for testing uses, so if I want to attack a machine, you can actually do an attack to try everything against a machine. There's actually a GUI interface for Metasploit called Armitage, which I have also played around with some.
I have taken some test boxes running Windows, it was a while ago, it was probably about two years ago, probably more than that, that I tried this, but I had a Windows machine. I want to say Windows XP, it may have been Windows NT, but anyway, I did what was called a Hail Mary attack on this test machine that was just running basic services. What the Hail Mary does, and it's an option inside Armitage, it uses the Metasploit and just does attacks with every possible vulnerability and tries to break into this machine. I have had some success with it, and then I've had success once you get into that machine that you can actually use other vulnerabilities to pull down other people's credentials and then pivot into other systems on the network. So it works. Lots of people like it and it has lots of things already to go for you once you learn how to work it. Again, I've done a little bit with the Metasploit shell, but mostly I've done stuff through Armitage and I've barely done anything in either. What do I not like about all three of these things? Kali Linux, Metasploit and Armitage. Armitage, again, it's just a front end for Metasploit and it does a fairly good job. It's written in Java and I think it's kind of a, it's kind of slow, but it works. Doing something at the Hail Mary pass again, I think all three of these, getting Kali Linux and using Armitage and or Metasploit to test a system you want to see is my system secure and just do a Hail Mary pass or try these things, that's great for that and that's mainly its main use for it. But things I don't like about all three is they're bulky, especially, you know, let's start just looking at Kali Linux. Kali Linux comes with a full GNOME desktop, which is way overkill. If you're just going to go in there to test, if you really know what you're doing, you don't need GNOME to do these things or GNOME or GNOME or however you say it.
You shouldn't even really need a GUI interface at all and if so, something very light like Ice Window Manager or Fluxbox would be more than enough. But the fact that it even goes straight to a GUI interface, the people who are using this should be system admins who are trying to test systems and if you're trying to do something like this and you need a GUI interface and you're a sysadmin, time to find a new job or actually start learning how to do yours just to be flat out honest with you. I can't remember how big Kali Linux is off the top of my head but I want to say that it's like four gigs, four gigs. That's huge. Now I understand that it has a lot of exploits built in. But really when you're going to run this, you're going to update that database right away. So I don't even, it just seems so bloated. It's like a full desktop environment with Office and stuff like that. Like Ubuntu is only I think like a gig and a half this time, which I still think is ridiculously large for a base operating system. But the fact that this is just to do exploits, you're not supposed to be using Kali Linux as your main primary desktop. It's supposed to be used off a live CD or a USB drive or if you're going to install it, you're going to install it on a machine you're going to use to test systems. It just seems like there's a lot of stuff on there that is not needed. And I think that the size could be shrunk down on that. Now when it comes to Metasploit and its database, I don't know how big that base is. And I probably should look at how many exploits are in there. But still, each exploit at most should be a megabyte. I mean, even that's really big for a program that's going to test an exploit; really it should be, you know, in the kilobyte range when you're looking at size. So the fact that I don't know how big Metasploit is by itself, but I can tell you with Kali Linux, Kali is just huge.
And I don't know if it's just Kali Linux has a lot of stuff on there that is unneeded or if just the Metasploit, Metasploit is dead. And again, Kali Linux has stuff other than just Metasploit on there, but most will use it for the Metasploit. So yeah, just the bulkiness and the slowness of it. These are supposed to be hacker tools to test the system or to break into a system. And it's just those type of tools should be very, very lightweight. And it's like a majority of time when I've seen tutorials or people talking about Metasploit, it's to make yourself an entry point. Lots of times people are making binaries that you can send to somebody on their system to run and it gives you access into their system, maybe with some system privileges, like escalations. And really, if I wanted to get into a Windows machine, I'd write myself a simple script or a program, compile it as an exe file. And it would literally be, I mean, teeny, tiny. I think I would probably put an icon to make it look like a program and the icon probably would take up more space than the actual program because it doesn't need to be that big. And also, it just seems bulky for a tool for what it's supposed to be. I'm not criticizing how it works. I'm just saying that I feel that, and again, this is with little knowledge on the project itself, it could be trimmed down quite a bit. So those are my views. I'm not saying it's bad. I'm just saying that as an admin tool and a hacker tool, if you're an admin or hacker, you should, everything should be streamlined and the fact that it is so large and bulky. And the fact that the Kali Linux comes with this big GUI interface, again, you shouldn't even really need a GUI interface for the most part. And if so, it should be a minimal one. And again, with, I started to say earlier with Metasploit, if you're going to run attacks in these systems, you want the most up-to-date database, you're going to update that database all together.
So I understand there's a convenience of having it on the CD, but it'd be nice if they had two versions of Kali Linux, the full version, and then the lightweight one that's, you know, maybe 200, 300 megabytes, that's, and that's kind of wide as a compressed image ISO, that when you run it, once again, network connection, you type one command and it pulls the database down from the internet. And then in the full database, maybe they can make it, and I don't know if there is something like this, it's like, okay, I want to attack a Linux machine running the kernel 2.4, whatever, and running an old version of SSH, you know, you put that information in and maybe it goes and it pulls down the database that meets those specs. So you don't need the full database, but just pulls down the little bit of what you need and stores it on your system for those attacks instead of giving you everything. But I understand a lot of people use Kali Linux because it has that full database in there, but again, you're going to want to update it anyway. It's kind of going back and forth, so it would be nice if there were two versions. There was the lightweight version that's the minimal that will pull down what you need, when you need it, and maybe a full version so that if you're someplace and you don't have that internet connection or you're on a network that you don't want to be pulling down all that stuff, maybe you have the full version with everything packaged in. So those are my views on not just Metasploit, but Armitage and Kali Linux. I suggest checking them out. I do not suggest, and I've talked to people who use Kali Linux as like their main OS, and I just think that's kind of silly. I think even if you ask the developers, it says it's not meant to be installed to your system. It's meant for testing.
So I mean, again, if you have a separate like laptop or something that you bring with you that all you do with it is check, you know, for network attacks, sure, go ahead and install it on that, but to be using it for your everyday web browsing just seems a little weird to me. So what are your experiences? Comment below, let me know. Again, I'm not, I'm giving constructive criticism. I'm not dissing the project at all, any of the projects, because I think it's great that there's stuff like that and a place where you can go and get the database of all those vulnerabilities and attacks. I just think that packaging and pounding it all into an ISO that's, again, I'm pretty sure it's like four gigs. Correct me if I'm wrong on that. Again, I haven't looked at the project in probably at least two years, but I was asked to talk about it, so I thought I'd do this quick little talk about it and it does work. It does. I mean, again, I've had success doing a Hail Mary pass, but again, a Hail Mary pass again is doing all the attacks on one machine. That's great. If you're testing your machine, also you'll realize that if you're doing attacks on a machine, you can also mess up that machine that you're attacking, so you wouldn't necessarily want to use it on a main machine that you need right then and there. You want to do it on a test machine. That's another thing and that's great. If you just want to test all your systems and do Hail Mary passes on all of them, I think it's great. If you are actually an attacker, shame on you depending on what you're doing your attacks for, but you're not going to want something that big and bulky and that noisy. You're not going to want to do a Hail Mary attack because it's going to set off bells and whistles if the system administrator for that system has any clue what they're going to do. They're going to notice that all these attacks are coming in and they're going to be notified, hopefully.
So definitely, again, I feel like I'm repeating myself, but if you want to test your systems, which is what it's primarily for, it's great. If you're an actual attacker, probably not the best tool for you. Anyway, again, comment below. Let me know what you think. I'm sure I'm probably going to get a lot of criticism back on what I said because people love these projects and I'm not saying they're bad. I'm just trying to give ideas, again, to streamline it a little bit and I hope that you have a great day. Again, thank you to my Patreon viewer, all my Patreon supporters, but definitely thank you, Carl, for asking me to talk on this topic that I know very little about and I'm going to make that clear as I have a few times earlier in this talk. So thank you for watching and I hope that you have a great day.
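The talk makes the point that a Hail Mary pass is noisy: one source fires every exploit it has at one host in a short burst, and an alert administrator should see it. The script below is an added example from the editor, not code from the talk, from Armitage or from Metasploit, that shows what "noticing" can look like on the defender's side. It reads constructed IDS-style alert lines (the `ts src=.. dst=.. sig=..` format and the `EXPLOIT_*` signature names are assumptions for the example, not any real sensor's output) and flags a source/target pair that triggered many distinct signatures inside a short sliding window, while a slow trickle of the same signatures over hours is not flagged with the default settings.

```python
"""Flag "try every exploit" bursts (the Hail Mary pattern) in IDS-style alerts."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real IDS output). Each line: timestamp,
# source, target, and the signature name the sensor matched. Signature
# names are placeholders. Host 10.0.0.5 fires six different signatures at
# 10.0.0.20 within nine seconds; host 10.0.0.9 sends the same six spread
# over two and a half hours.
SAMPLE_ALERTS = """\
2024-03-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_A
2024-03-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_B
2024-03-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_A
2024-03-01T10:00:04 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_C
2024-03-01T10:00:05 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_D
2024-03-01T10:00:07 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_E
2024-03-01T10:00:09 src=10.0.0.5 dst=10.0.0.20 sig=EXPLOIT_F
2024-03-01T10:05:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_A
2024-03-01T10:30:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_B
2024-03-01T11:00:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_C
2024-03-01T11:30:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_D
2024-03-01T12:00:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_E
2024-03-01T12:30:00 src=10.0.0.9 dst=10.0.0.20 sig=EXPLOIT_F
"""


def parse_alert(line):
    """Parse one 'ts src=.. dst=.. sig=..' line into (datetime, src, dst, sig)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], kv["sig"]


def max_distinct_in_window(events, window):
    """events: time-sorted list of (datetime, sig). Return the largest number
    of distinct signatures seen in any span of length `window` (two-pointer
    sliding window, so repeated signatures only count once)."""
    best = 0
    counts = defaultdict(int)
    left = 0
    for t_right, sig in events:
        counts[sig] += 1
        # Drop events that fell out of the window ending at t_right.
        while t_right - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_hail_mary(lines, window_seconds=60, min_distinct=5):
    """Return {(src, dst): distinct_sig_count} for every source/target pair
    that triggered at least `min_distinct` different signatures within
    `window_seconds`. Thresholds are tuning knobs, not magic numbers."""
    per_pair = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        t, src, dst, sig = parse_alert(line)
        per_pair[(src, dst)].append((t, sig))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for pair, events in per_pair.items():
        events.sort()  # sensors do not always emit alerts in time order
        n = max_distinct_in_window(events, window)
        if n >= min_distinct:
            flagged[pair] = n
    return flagged


if __name__ == "__main__":
    for (src, dst), n in detect_hail_mary(SAMPLE_ALERTS.splitlines()).items():
        print(f"possible mass-exploit burst: {src} -> {dst}, "
              f"{n} distinct signatures within 60s")
```

With the defaults only the burst from 10.0.0.5 is reported; widening the window to an hour and lowering the threshold would also surface the slow source, which is the usual trade-off between catching a quieter scan and drowning in alerts from ordinary traffic.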