Intelligence Gathering
Although this is only a simple example, the level of versatility afforded by
the Metasploit Framework can be of great assistance when you need to get
some custom code up and running quickly in the middle of a pen test.
Hopefully, this simple example demonstrates the power of the Framework and
modular code. But, of course, you don’t have to do everything by hand.
Looking Ahead
In this chapter, you learned how to leverage the Metasploit Framework
for intelligence gathering, as outlined in the PTES. Intelligence gathering
takes practice and requires a deep understanding of how an organization
operates and how to identify the best potential attack vectors. As with
anything, you should adapt and improve your own methodologies throughout
your penetration-testing career. Just remember that your main focus for this
phase is to learn about the organization you’re attacking and its overall
footprint. Regardless of whether your work occurs over the Internet, on an
internal network, wirelessly, or via social engineering, the goals of
intelligence gathering will always be the same.
In the next chapter, we’ll move on to another important step during the
vulnerability analysis phase: automated vulnerability scanning. In later
chapters, we will explore more in-depth examples of how to create your own
modules, exploits, and Meterpreter scripts.