Advanced attack capabilities

Metasploit offers workflows for network scanning, smart brute forcing and exploitation, and social engineering, all amplified with proxy and VPN pivoting as well as stealth features, enabling you to get deeper into the network.

Metasploit offers you these attack capabilities:

  • Smart brute forcing: Metasploit offers smart brute forcing of many account types. Before simulating a brute force attack, you can choose which account types should be tested, for example based on their lockout risk. The password guesses are based on default passwords, default and custom dictionaries, and information gathered during the network scan. Using credential recycling and pass-the-hash techniques, you can reuse collected passwords and hashes to gain access to other systems.
  • Smart exploitation: Choose exploits according to their reliability in exploiting systems safely. In addition, Metasploit automatically chooses only the exploits that are appropriate for your operating system and the ports open on the specific system. Once you have successfully exploited a machine, you won't lose the session again because the Meterpreter payload supports persistent sessions and listeners so that the target machine actively re-establishes a session when it drops. You can also replay previously successful attacks to simplify verification of patch installation and configuration changes.
  • Advanced pivoting: Route your attacks through compromised machines using proxy and VPN pivoting. Metasploit Pro is the world's only penetration testing solution to achieve unrestricted remote network access through a compromised host. Unlike alternative products, which provide only proxy-based pivoting that is restricted to certain protocols, Metasploit's VPN pivoting evades firewall restrictions and tunnels into networks on network layer 2, granting full access to the network. As a result, penetration testers can run any network discovery tool, such as nmap or the Nexpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network. You can also route network traffic through a shared instance of Metasploit on the network.

    Metasploit Pro offers many post-exploitation techniques

  • Social engineering: Run custom social engineering campaigns with Metasploit to compromise end user systems. Run drive-by attacks, including easy website cloning and editing for phishing attacks, send out emails with malicious PDF or MP3 attachments, or create USB sticks to drop in your target's parking lot. Once you have compromised a client, explore the rest of the network with VPN pivoting.

    Generate social engineering campaigns with Metasploit Pro, such as phishing, USB flash drive, and website drive-by attacks

  • Web applications: Identify custom web applications across the entire network, audit them for vulnerabilities, and exploit them to validate the results. You can import third-party web application scanner reports to enhance the results.

    Scan, audit and exploit custom web applications with Metasploit Pro

Many of these processes can be carried out simultaneously, emulating several brute force and exploitation attacks while taking control of several sessions all at the same time.

The interface is super clean compared to the other applications. Metasploit Express uses a Web browser to interact with the application. It doesn't matter what OS you are used to, if you have ever surfed the Web, you can "Point, Click, Pwn!"

HackMiami Pwn-Off
Winner
4.5 out of 5.0 stars