Quiz Entry - updated: 2026.07.14
What is Metasploit, and what is the msfconsole?
Metasploit is an open-source exploitation framework; msfconsole is its interactive command-line that bundles ready-made exploits, payloads, and listeners.
Metasploit is the de-facto standard toolkit for penetration testing and exploit development. Instead of writing attack code from scratch, you compose pre-built modules:
| Module type | What it does |
|---|---|
| exploit | code that triggers a vulnerability to gain access |
| payload | what runs on the target after the exploit lands (e.g. a remote shell) |
| handler | the attacker-side listener that catches a connecting payload |
| post | post-exploitation actions once you're in |
msfconsole is the main interface that ties these together. In a password-cracking context it appears in the post-exploitation phase: once a weak password has given you a foothold, Metasploit is how you turn that foothold into interactive control of the machine.
Tip: Think of Metasploit as a "Lego set" for attacks — exploit + payload + handler snap together.