Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. Communicate through a shared log. Run bots to automate red team tasks. Armitage is a force multiplier for red team operations.
2 Cobalt Strike
Cobalt Strike is a toolset for Adversary Simulations and Red Team Operations. As of October 2015, Cobalt Strike does not share code with Armitage or depend on the Metasploit Framework.
3 Cyber Attack Management
Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver. This section describes these features at a high level; the rest of this manual covers these capabilities in detail. Armitage’s dynamic workspaces let you define and switch between target criteria quickly.
Use this to segment thousands of hosts into target sets. Armitage also launches scans and imports data from many security scanners. Armitage visualizes your current targets so you’ll know the hosts you’re working with and where you have sessions. Armitage recommends exploits and will optionally run active checks to tell you which exploits will work.
If these options fail, use the Hail Mary attack to unleash Armitage’s smart automatic exploitation against your targets. Once you’re in, Armitage exposes post-exploitation tools built into the Meterpreter agent. With the click of a menu you will escalate your privileges, log keystrokes, dump password hashes, browse the file system, and use command shells. Armitage makes it trivial to set up and use pivots. You’ll use compromised hosts as a hop to attack your target’s network from the inside.
Armitage uses Metasploit’s SOCKS proxy module to let you use external tools through your pivots. These features allow you to maneuver through the network. The rest of this manual is organized around this process, providing what you need to know in the order you’ll need it.
4 Necessary Vocabulary
To use Armitage, it helps to understand Metasploit.
Metasploit is a console-driven application. Anything you do in Armitage is translated into a command Metasploit understands. If you’re lost in a console, type help and hit enter. Metasploit presents its capabilities as modules. Every scanner, exploit, and payload is available as a module. To launch a module, you must set one or more options to configure it. This process is uniform for all modules, and Armitage makes it easier for you.
When you exploit a host, you will have a session on that host. Armitage knows how to interact with shell and meterpreter sessions. Meterpreter is an advanced agent that makes a lot of post-exploitation functionality available to you. Armitage is built to take advantage of Meterpreter. Working with Meterpreter is covered later.
The Metasploit Unleashed course maintained by the Offensive Security folks is excellent. I recommend reading it before going further. The Armitage client package is made available for Windows, MacOS X, and Linux. These getting started instructions are written assuming that you would like to connect to a local instance of the Metasploit Framework. Use a Linux distribution for penetration testing such as Kali Linux or Pentoo Linux. These distributions ship with Metasploit and its dependencies installed for you. This option will set up an environment that uses Git for updates.
Use the official installer provided by Rapid7. This option will require you to register with Rapid7 to get updates.
2 Kali Linux
Kali Linux comes with the Metasploit Framework installed. This is a good option if you want to get up and running with Armitage quickly. Please move over to Kali Linux.