Extensive attack targets

Metasploit enables you to compromise standard and custom Web applications, network devices, database servers, endpoint systems, and email users, broadening your range of attack vectors.

Metasploit enables you to simulate attacks on these targets:

• Servers: Offering services to network users and storing lots of sensitive data, servers provide a prime target for penetration testers. Metasploit filters all exploits by operating system and open ports to focus only the most promising exploits for each machine.
• Network devices: Constituting the backbone of the infrastructure, penetration testers love to take control of network devices to change configurations or sniff traffic. With Metasploit, you can quickly compromise network devices, such as Cisco routers, with exploitation chaining.
• Databases: Often the holy grail of confidential data, Metasploit holds exploits that provide you root level access to databases and enable you to easily collect evidence for your reports.
• Web applications: Often the most publicly accessible server on the network, Metasploit enables you to scan and exploit both standard and custom Web applications. Often these provide a pivot point into a database or further into the network.
• Endpoint Systems: Although endpoint systems usually don't hold as much confidential data as server systems, they often contain cached credentials that can be harvested by Metasploit and used to gain access to other systems. Endpoint systems can either be exploited remotely or through social engineering attacks, such as phishing.
• Virtual Machines: You can conduct penetration tests on virtual machines in the same way as on physical hardware. Metasploit also helps you determine whether a compromised host is running in a virtual environment. Brute forcing can audit passwords of VMware vSphere Web Services.

Click to enlarge