Armitage — Graphical Metasploit Cyber Attack Manager

What is Armitage?

Armitage is a graphical front-end for the Metasploit Framework, designed to make penetration testing more accessible through a visual interface. It displays discovered hosts as icons on a network map, recommends applicable exploits for each target, and lets operators launch attacks, manage sessions, and pivot through networks — all from a single GUI. Its team server feature (Teamwork) enables multiple operators to share a single Metasploit instance and collaborate on an engagement in real time, making it a popular choice for coordinated red team operations.

Note: Armitage is no longer actively maintained by its original author. For modern team operations, Cobalt Strike (commercial) is considered its successor. Armitage remains useful for learning and lab environments.

⚠ Legal Notice

Only use on systems you own or have explicit written permission to test. Unauthorized use violates Pakistan's PECA 2016 and international cybercrime laws.

Installation

# Armitage requires Metasploit and a running PostgreSQL database
sudo apt update
sudo apt install armitage metasploit-framework postgresql -y

# Initialize the Metasploit database
sudo msfdb init

# Start PostgreSQL
sudo service postgresql start

# Launch Armitage
sudo armitage

# On first launch:
# Host: 127.0.0.1  Port: 55553
# Click Connect → Start MSF (waits ~30s for Metasploit RPC to start)

Basic Workflow

# Step 1: Discover hosts on the network
# Hosts menu → Nmap Scan → Intense Scan
# OR in the console tab:
db_nmap -sV -O 192.168.1.0/24

# Step 2: Find applicable exploits for a host
# Right-click host → Attack → Find Attacks
# Armitage queries Metasploit for matching modules based on OS/service

# Step 3: Launch an exploit
# Right-click host → Attack → [module category] → [exploit]
# Configure options in the dialog → Launch

# Step 4: Interact with sessions
# Compromised hosts turn red with a lightning bolt
# Right-click → Meterpreter → [Interact / Escalate / Pivot]

# Step 5: Team server (multi-operator)
# Start team server:
./teamserver [IP] [password]
# Other operators connect via: Armitage → Connect → [IP]:55553

Key Features

Host Visualization — Network map showing all discovered hosts with OS icons
Find Attacks — Automatic exploit recommendation based on detected services and OS
Hail Mary — Launches all applicable exploits against a target simultaneously (noisy)
Meterpreter Console — Full Meterpreter session management via GUI tabs
Pivoting — Route traffic through compromised hosts to reach deeper network segments
Teamwork Server — Shared Metasploit instance for multi-operator red team engagements
Loot & Credentials — Centralized view of all captured hashes, credentials, and files

Common Use Cases

Learning Metasploit concepts through a visual interface
Authorized penetration testing engagements in lab environments
CTF (Capture The Flag) competitions with network exploitation challenges
Internal red team exercises requiring multi-operator coordination

Tips & Best Practices

Always run msfdb init and start PostgreSQL before launching Armitage — it will fail to connect without an active database. Avoid using Hail Mary on production systems; it launches every available exploit simultaneously and is extremely noisy. For learning, set up a local lab using VirtualBox or VMware with intentionally vulnerable VMs like Metasploitable2 to practice safely.

Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs before using in live engagements.