Educational Purposes Only!
The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code.
The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.
At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development. - https://docs.rapid7.com/metasploit/msf-overview/
Tip: setg can set the values globally
1. show targets
2. show payloads
NOTE: when you show options, it only shows options for the module, not metasploit itself. If you are using a reverse shell, you need to set LHOST for example which isn't shown at first. Also it can be useful to specify directory
How to find CVEs:
Enumerate the services and ports
Connect to the port/service - curl, nc, FTP, SSH etc..
Check if you can find versions
Check if there are any CVEs that include the version
Check if Metasploit has any modules
It is important to note that such tools are fairly automated, intuitive and abstracted. A good understanding of the technology exploited (ethically) is necessary to learning and proper usage - This should really be used for efficiency reasons.