Exploitationmetasploitred-teamcollaborationvisualizationpost-exploitation

Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes advanced post-exploitation features.

Description

Armitage serves as a graphical cyber attack management interface for the Metasploit framework. It enables red teams to visualize their targets and attacks, receive exploit recommendations, and access advanced post-exploitation capabilities within Metasploit. The tool supports team collaboration through a team server setup, allowing multiple users to coordinate operations.

Use cases include red team engagements where visualization and scripting enhance Metasploit workflows. Armitage closes the gap between automation and the Metasploit console by providing an intuitive interface for managing sessions, modules, and payloads. It requires Metasploit Framework and Java dependencies for operation.

The tool operates in client-server mode, with clients connecting to a team server running on an external IP address. Team members authenticate using a shared password to participate in multi-player Metasploit sessions.

How It Works

Armitage starts the MSFRPC daemon (msfrpcd) for Metasploit RPC communication. The teamserver component launches on a specified external IP (port 55553) with SSL via X509 certificates and keystore. Clients connect using host, port 55553, username 'msf', and shared team password. A unique fingerprint authenticates connections. Java 1.7+ is required; older versions like 1.6 are unsupported.

Installation

bash

sudo apt install armitage

Flags

<external IP address>External IP address reachable by Armitage clients on port 55553

<team password>Shared password used by team to authenticate to Armitage team server

Examples

Starts Armitage client and automatically launches msfrpcd RPC daemon for Metasploit

armitage

Starts teamserver on external IP 192.168.1.202 with password s3cr3t, generates SSL certificates, starts MSGRPC on 127.0.0.1:55554

teamserver 192.168.1.202 s3cr3t

Displays teamserver help showing required parameters: external IP address and team password

teamserver -h

Generic teamserver start command requiring reachable external IP and shared team password

teamserver <external IP address> <team password>

Connects Armitage client to teamserver using host, port, username msf, and password (derived from teamserver example)

armitage --connect 192.168.1.202 55553 msf s3cr3t

Teamserver with specific fingerprint for client verification (from connection details)

teamserver 192.168.1.202 s3cr3t --fingerprint a3b60bef430037a6b628d9011924341b8c09081

Updated 2026-04-16kali.org ↗