Penetration testers are not born, they're made, and we all had to start somewhere. So how do you bring new new team members up to speed, mentoring them into a new role? Metasploit users in red teams and consulting organizations often tell me that they like to leverage the Metasploit Pro team collaboration feature for this purpose.
Metasploit Pro is accessed through a web interface that is available not only on the local host but also across the network (personal firewall rules permitting). As a result, multiple people can log into the interface at the same time, work on the same project, share sessions, credentials, evidence, and reporting.
For example, you can leverage team collaboration for the following cases:
- Mentoring junior team members on a project, where junior team members carry out the easy tasks while senior members carry out advanced tasks
- Splitting the workload on a large penetration test between team members
- Leveraging the specialties of team members, for example dividing the workload up into exploiting Windows, Linux, social engineering and bruteforcing
This feature is great to use in combination with tagging, which can be used to assign hosts to team members. At the end of a penetration test, reports include all activities.
Team collaboration is available to all Metasploit Pro users who have more than one license. To leverage it, simply set up multiple users on your Metasploit Pro machine as follows:
- Open the menu Administration and select User Administration
- Click on New User. If this button is disabled, you either don't have Metasploit Pro or you only have a one-user license. If you purchased more than one user license but the button is disabled in your interface, please email firstname.lastname@example.org and ask to have all user licenses consolidated on one product key.
- Set up projects and add the relevant users as authorized users
- Have users log in to the web interface from their own machines to collaborate on the projects
If you'd like to try out team collaboration, please download the free Metasploit Pro trial, which includes a three-user license for team collaboration.