- Use the same sessions
- Share hosts, captured data, and downloaded files
- Communicate through a shared event log
- Run bots to automate red team tasks
Armitage is open source software developed by Raphael Mudge's company Strategic Cyber LLC. However, Cobalt Strike is the commercially supported big brother of Armitage.
Armitage organizes Metasploit's capabilities around the hacking process.
There are features for discovery, access, post-exploitation, and
maneuver. This section describes these features at a high-level, the
rest of this manual covers these capabilities in detail.
Armitage's
dynamic workspaces let you define and switch between target criteria
quickly. Use this to segment thousands of hosts into target sets.
Armitage also launches scans and imports data from many security
scanners. Armitage visualizes your current targets so you'll know the
hosts you're working with and where you have sessions.
Armitage recommends exploits and will optionally run active checks to
tell you which exploits will work. If these options fail, use the Hail
Mary attack to unleash Armitage's smart automatic exploitation against
your targets.
Once you're in, Armitage exposes post-exploitation tools built into the
Meterpreter agent. With the click of a menu you will escalate your
privileges, log keystrokes, dump password hashes, browse the file
system, and use command shells.
Armitage makes it trivial to setup and use pivots. You'll use
compromised hosts as a hop to attack your target's network from the
inside. Armitage uses Metasploit's SOCKS proxy module to let you use
external tools through your pivots. These features allow you to maneuver
through the network.
The rest of this manual is organized around this process, providing what you need to know in the order you'll need it.
Package dependency before you install Armitage
Armitage exists as a client and a server that allow red team
collaboration to happen. The Armitage client package is made available
for Windows, MacOS X, and Linux. Armitage does NOT require a local copy
of the Metasploit Framework to connect to a team server.
These getting started instructions are written assuming that you would
like to connect to a local instance of the Metasploit Framework.
Armitage requires the following:
- Metasploit Framework and its dependencies.
- PostgreSQL Database
- Nmap
- Oracle's Java 1.7
To quickly install all of the dependencies, you have a few options:
- Use a Linux distribution for penetration testing such as Kali Linux.
- These distributions ship with Metasploit and its dependencies installed for you.
- Use the MSF Installer Script created by DarkOperator (This option will setup an environment that uses Git for updates).
- Use the official installer provided by Rapid7 (This option will require you to register with Rapid7 to get updates).
Setup Instructions to install Armitage in Kali Linux
- Open a terminal
- Initialize the database: service metasploit start
- Stop the metasploit service: service metasploit stop
- Extract armitage: tar zxvf armitageDDMMYY.tgz, where DDMMYY is version or date when armitage has launched.
How to Start Armitage
- Open root terminal
- type apt-get install armitage
Before you start Armitage, make sure the postgresql database is running:
- type service postgresql start
If you get a missing database.yml error, type:
- type service metasploit start