The Metasploit Framework
[Posted June 15, 2004 by corbet]
Version 2.1 of the Metasploit Framework has been
released. Metasploit looks like a script
kiddie's dream tool; it is a convenient packaging of some two dozen tools
for exploiting known vulnerabilities. A would-be attacker need only choose
the weapon of choice from a menu, and turn it loose.

In fact, it's better than that. Combined with the exploit engine is the
"payload generator"; there is also an online version
available. Simply pick the sort of behaviour you would like, set the relevant
parameters (e.g. which port to listen on), and the corresponding code pops
out the other end. Fit the payload onto your chosen exploit, and your
weapon is armed and ready.

Metasploit does not bring any new capabilities to the cracker's toolbox,
but it does make life easy for those who are unable to craft their own
exploits. It can also serve as a useful instructional and testing tool for
those of us who are charged with keeping systems secure. Metasploit can
quickly tell you if a target system is vulnerable to a given exploit, and
it shows what a break-in looks like from the outside. The attackers have
it; defenders might as well get a copy and see how it works. See the Metasploit Project page for more
information.