Metasploit
The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs.
A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments, providing true security risk intelligence. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports.
Metasploit editions range from a free edition to
professional enterprise editions, all based on the Metasploit Framework,
an open source software development kit with the world's largest,
public collection of quality-assured exploits.
History of the Metasploit Project
Background
HD Moore created the Metasploit Project in 2003 to provide the
security community with a public resource for exploit development. This
project resulted in the Metasploit Framework, an open source platform
for writing security tools and exploits.
The first version of the Metasploit Framework was written together by HD Moore and provided a curses-based frontend written in the Perl scripting language. Spoonm, the second developer, joined the project in late 2003 and helped design the overall workflow that is still in use today. Shortly after Matt Miller (aka skape) started contributing, eventually becoming the third member of that core development team.
The first two versions of the Metasploit Framework were written in the Perl scripting language, ending with the 2.7 release in 2006. Perl had a number of disavantages, which lead to ground-up rewrite using the Ruby language started in 2005 and completed in 2007. By the end of 2007, both Spoonm and Matt Miller had left the project and in an effort to bring on a new team the source code was relicensed under the three-clause BSD license, starting with version 3.2 in 2008. The license change, combined with a stronger community-focused development team lead to a huge boost to the vitality of the project.
On October 21, 2009, Rapid7, a vulnerability management solution company, acquired the Metasploit Project. Prior to the acquisition, all development of the framework occurred in the developer's spare time; eating up most weekends and nights. Rapid7 agreed to the fund a full-time development team and still keep the source code under the three-clause BSD license that is still in use today.
The first version of the Metasploit Framework was written together by HD Moore and provided a curses-based frontend written in the Perl scripting language. Spoonm, the second developer, joined the project in late 2003 and helped design the overall workflow that is still in use today. Shortly after Matt Miller (aka skape) started contributing, eventually becoming the third member of that core development team.
The first two versions of the Metasploit Framework were written in the Perl scripting language, ending with the 2.7 release in 2006. Perl had a number of disavantages, which lead to ground-up rewrite using the Ruby language started in 2005 and completed in 2007. By the end of 2007, both Spoonm and Matt Miller had left the project and in an effort to bring on a new team the source code was relicensed under the three-clause BSD license, starting with version 3.2 in 2008. The license change, combined with a stronger community-focused development team lead to a huge boost to the vitality of the project.
On October 21, 2009, Rapid7, a vulnerability management solution company, acquired the Metasploit Project. Prior to the acquisition, all development of the framework occurred in the developer's spare time; eating up most weekends and nights. Rapid7 agreed to the fund a full-time development team and still keep the source code under the three-clause BSD license that is still in use today.
The Metasploit Project Today
In addition to devoting our time to updating and enhancing the
Metasploit Framework, we have been busy developing commercial solutions
for professional penetration testers and IT security staff who want a
more efficient solution for their everyday jobs.
In May 2010, we introduced our first commercial collaboration: Metasploit Express. The affordable security solution provides penetration testing capabilities to security professionals of all skill levels. It makes testing easier by streamlining many of the common penetration testing tasks most security professionals perform on a day to day basis – we call it the penetration testing workflow.
Only a short five months later, we added Metasploit Pro to our growing suite of commercial solutions. Metasploit Pro built on the existing interface and feature set of Metasploit Express and added even more advanced attack capabilities, including Web application scanning and exploitation, social engineering campaigns, and VPN pivoting. We built Metasploit Pro with penetration test teams in mind: it includes multi-user support and enables teams to manage project access as well as allows teams to orchestrate and synchronize multi-layer attacks. It's a true expert system for red teams and individual penetration testers.
Metasploit Framework users told us that they found the tool hard to use but couldn't always afford to upgrade to the full commercial editions. In October 2011, we decided to offer a basic version of our robust commercial user interface available to the community free of charge to make penetration testing more accessible, especially to new users. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose – for free. Download your free copy now.
With over 1 million downloads over the last 12 months, we have been keeping busy.
In May 2010, we introduced our first commercial collaboration: Metasploit Express. The affordable security solution provides penetration testing capabilities to security professionals of all skill levels. It makes testing easier by streamlining many of the common penetration testing tasks most security professionals perform on a day to day basis – we call it the penetration testing workflow.
Only a short five months later, we added Metasploit Pro to our growing suite of commercial solutions. Metasploit Pro built on the existing interface and feature set of Metasploit Express and added even more advanced attack capabilities, including Web application scanning and exploitation, social engineering campaigns, and VPN pivoting. We built Metasploit Pro with penetration test teams in mind: it includes multi-user support and enables teams to manage project access as well as allows teams to orchestrate and synchronize multi-layer attacks. It's a true expert system for red teams and individual penetration testers.
Metasploit Framework users told us that they found the tool hard to use but couldn't always afford to upgrade to the full commercial editions. In October 2011, we decided to offer a basic version of our robust commercial user interface available to the community free of charge to make penetration testing more accessible, especially to new users. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose – for free. Download your free copy now.
With over 1 million downloads over the last 12 months, we have been keeping busy.
The Metasploit Project Tomorrow
Our goals are and always will be to support open source
software, promote community involvement, and provide the most innovative
resources and tools for penetration testers all over the world. In
addition to exploring commercial solutions, we are committed to keeping
the Metasploit Framework free and open source. However, it's a lot of
work and we can't do it without you. That's why we need you more than
ever.
0 comments:
Post a Comment