# Standards and References - Metasploit Framework

## Industry Standards
- **PTES (Penetration Testing Execution Standard)**: http://www.pentest-standard.org/
- **OWASP Testing Guide**: https://owasp.org/www-project-web-security-testing-guide/
- **NIST SP 800-115**: Technical Guide to Information Security Testing and Assessment
- **OSSTMM v3**: Open Source Security Testing Methodology Manual

## Metasploit Documentation
- Metasploit Framework Docs: https://docs.rapid7.com/metasploit/
- Metasploit Unleashed (OffSec): https://www.offsec.com/metasploit-unleashed/
- Metasploit GitHub: https://github.com/rapid7/metasploit-framework
- Module Development Guide: https://docs.metasploit.com/docs/development/developing-modules.html

## Key msfconsole Commands Reference
| Command | Purpose |
|---------|---------|
| `search` | Search modules by name, CVE, platform |
| `use` | Select a module |
| `show options` | Display module configuration |
| `set/setg` | Set module/global variables |
| `check` | Verify vulnerability without exploitation |
| `exploit/run` | Execute the module |
| `sessions` | List active sessions |
| `db_import` | Import scan results (Nessus, Nmap, etc.) |
| `vulns` | List known vulnerabilities from database |
| `workspace` | Manage engagement workspaces |

## Legal Considerations
- Always obtain written authorization before testing
- Define scope, rules of engagement, and emergency contacts
- Document all activities for legal protection
- Follow responsible disclosure for any new findings
- Comply with local computer misuse laws