Advanced exploitation toolkit

Kali Linux is preloaded with some of the best and most advanced exploitation toolkits, and the Metasploit Framework (http://www.metasploit.com) is the most widely used of them. Here we explain it in greater detail and present a number of scenarios that will increase its productivity and enhance your penetration testing workflow. The framework is written in Ruby and is modular by design, so a penetration tester with moderate programming skills can extend it with custom modules and plugins.

The architecture of the framework is divided into three broad categories: libraries, interfaces, and modules. A key part of our exercise is to focus on the capabilities of the interfaces and modules. The interfaces (console, CLI, web, and GUI) provide the front end for working with every type of module (exploits, payloads, auxiliaries, encoders, and NOPs). Note that the stand-alone msfcli and the web interface have since been dropped from the open-source framework; msfconsole, including its -x option for running a one-shot command sequence, is the interface that carries the full feature set. Each module type has its own role in the penetration testing process:

  • Exploit: a module that carries the proof-of-concept code used to take advantage of a particular vulnerability in a target system
  • Payload: the code that an exploit delivers (or that is built stand-alone with msfvenom) to run arbitrary commands on the target once the vulnerability has been triggered
  • Auxiliary: modules that perform scanning, sniffing, wardialing, fingerprinting, and other assessment tasks that do not deliver a payload
  • Encoder: modules that transform a payload so that it contains none of the byte values (bad characters, such as NUL or newline) that the exploit cannot deliver, which also changes the payload's byte signature; they are often described as antivirus and IDS/IPS evasion, but a practitioner should not rely on that, because the standard encoders and their decoder stubs are well known to defenders
  • NOP (No Operation): modules that generate instruction sequences that do nothing, used to pad a payload to a consistent size or to build a NOP sled so that an imprecise return address still lands in front of the payload
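The following is an added example, written here in plain Ruby (the framework's own language) and not taken from Metasploit's source, to make the roles of the encoder and NOP module types concrete. It implements a single-byte XOR encoder that searches for a key avoiding a given bad-character set, the matching decode routine, and a NOP padder that fixes the output at a constant size. The SAMPLE_PAYLOAD bytes are constructed for the demonstration and are not a real Metasploit payload; the same ideas drive real invocations such as msfvenom -b '\x00\x0a\x0d' -e x86/shikata_ga_nai, where the framework adds a machine-code decoder stub rather than the bare key byte used below.

```ruby
# Added example: a minimal XOR "encoder" and NOP padder in plain Ruby,
# illustrating what Metasploit's encoder and NOP modules do to a payload.
# This is not Metasploit's own x86/xor or x86/shikata_ga_nai code.

# Constructed stand-in for a payload. It deliberately contains a NUL (0x00)
# and a newline (0x0a), the two most common bad characters in string-based
# exploits, so the unencoded form could not be delivered as-is.
SAMPLE_PAYLOAD = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x0a\x00\x89\xe3".b

NOP = "\x90".b # x86 single-byte NOP

# Return the first single-byte XOR key that maps every payload byte to a
# value outside +badchars+. The key itself must also be clean because the
# decoder embeds it. Raises if no single-byte key works (a real encoder
# would then fall back to a multi-byte or polymorphic scheme).
def find_xor_key(payload, badchars)
  bad = badchars.bytes
  (1..255).each do |key|
    next if bad.include?(key)
    encoded = payload.bytes.map { |b| b ^ key }
    return key if (encoded & bad).empty?
  end
  raise "no single-byte XOR key avoids #{badchars.inspect}"
end

# Produce key byte + XOR-encoded payload. The leading key byte stands in
# for the decoder stub that a real encoder module would prepend.
def xor_encode(payload, badchars)
  key = find_xor_key(payload, badchars)
  [key].pack("C") + payload.bytes.map { |b| b ^ key }.pack("C*")
end

# Inverse of xor_encode: first byte is the key, the rest is the ciphertext.
def xor_decode(blob)
  key = blob.getbyte(0)
  blob.byteslice(1, blob.bytesize - 1).bytes.map { |b| b ^ key }.pack("C*")
end

# Prepend a NOP sled so every generated buffer occupies exactly
# +total_size+ bytes; this is the job of a NOP module.
def pad_with_nops(buf, total_size, nop = NOP)
  raise ArgumentError, "payload larger than available space" if buf.bytesize > total_size
  (nop * (total_size - buf.bytesize)) + buf
end

# True if any byte of +buf+ is in the bad-character set.
def contains_badchars?(buf, badchars)
  !(buf.bytes & badchars.bytes).empty?
end

if __FILE__ == $0
  badchars = "\x00\x0a\x0d".b
  encoded = xor_encode(SAMPLE_PAYLOAD, badchars)
  puts format("key=0x%02x clean=%s", encoded.getbyte(0), !contains_badchars?(encoded, badchars))
  padded = pad_with_nops(encoded, 64)
  puts "padded size=#{padded.bytesize}"
  puts "roundtrip ok" if xor_decode(encoded) == SAMPLE_PAYLOAD
end
```

The point to take from this is that encoding exists to satisfy the exploit's delivery constraints (the bad-character set), and that the decoder stub and key must be delivered along with the payload; anything that must be delivered is also visible to a defender, which is why encoding alone is a weak evasion measure.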

To build your understanding, we explain the basic use of two well-known Metasploit interfaces along with their relevant command-line options. Each interface has its own strengths and weaknesses; however, we strongly recommend sticking to the console version, as it supports most of the framework's features.
