What is Metasploit?
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
What does it do?
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload.
If you don’t already know about Metasploit I would guess you aren’t even in the security industry.
It’s come a long way since it’s early versions and has picked up huge supports from the community.
- Metasploit now has 445 exploit modules and 216 auxiliary modules (from 320 and 99 respectively in v3.2)
- Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (375k lines of Ruby)
- Over 180 tickets were closed during the 3.3 development process
Full release notes for v3.3 are here.
You can download Metasploit v3.3 here:
Or read more here.
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD
- Google Expands Pwnium Year Round With Infinite Bounty
- Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts
- Metasploit 2.7 Released – Automated Hacking
- Metasploit Exploit Framework Version 3.0 Released
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,598 views
- AJAX: Is your application secure enough? - 119,410 views
- eEye Launches 0-Day Exploit Tracker - 85,200 views