Intelligence Gathering

Although this is only a simple example, the level of versatility afforded by 
the Metasploit Framework can be of great assistance when you need to get 
some custom code up and running quickly in the middle of a pen test. 
Hopefully, this simple example demonstrates the power of the Framework and 
modular code. But, of course, you don’t have to do everything by hand.

Looking Ahead

In this chapter, you learned how to leverage the Metasploit Framework 
for intelligence gathering, as outlined in the PTES. Intelligence gathering 
takes practice and requires a deep understanding of how an organization 
operates and how to identify the best potential attack vectors. As with 
anything, you should adapt and improve your own methodologies throughout 
your penetration-testing career. Just remember that your main focus for this 
phase is to learn about the organization you’re attacking and its overall 
footprint. Regardless of whether your work occurs over the Internet, on an 
internal network, wirelessly, or via social engineering, the goals of 
intelligence gathering will always be the same.

In the next chapter, we’ll move on to another important step during the 
vulnerability analysis phase: automated vulnerability scanning. In later 
chapters, we will explore more in-depth examples of how to create your own 
modules, exploits, and Meterpreter scripts.