

Metasploit took the security world by storm when it was released in
2004. It is an advanced open-source platform for developing, testing,
and using exploit code. The extensible model through which payloads,
encoders, no-op generators, and exploits can be integrated has made it
possible to use the Metasploit Framework as an outlet for cutting-edge
exploitation research. It ships with hundreds of exploits, as you can
see in their list of modules.
This makes writing your own exploits easier, and it certainly beats
scouring the darkest corners of the Internet for illicit shellcode of
dubious quality.
Metasploit was completely free, but the project was acquired by Rapid7
in 2009 and it soon sprouted commercial variants. The Framework itself
is still free and open source, but they now also offer a
free-but-limited Community edition, a more advanced Express edition
($3,000 per year per user), and a full-featured Pro edition ($15,000 per
user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).
The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs.
A collaboration between the open source community and Rapid7,
Metasploit software helps security and IT professionals identify
security issues, verify vulnerability mitigations, and manage
expert-driven security assessments, providing true security risk
intelligence. Capabilities include smart exploitation, password
auditing, web application scanning, and social engineering. Teams can
collaborate in Metasploit and present their findings in consolidated
reports.
Metasploit editions range from a free edition to
professional enterprise editions, all based on the Metasploit Framework,
an open source software development kit with the world's largest
public collection of quality-assured exploits.
History of the Metasploit Project
Background
HD Moore created the Metasploit Project in 2003 to provide the
security community with a public resource for exploit development. This
project resulted in the Metasploit Framework, an open source platform
for writing security tools and exploits.
The first version of the Metasploit Framework was written
by HD Moore and provided a curses-based frontend written in the
Perl scripting language. Spoonm, the second developer, joined the
project in late 2003 and helped design the overall workflow that is
still in use today. Shortly after, Matt Miller (aka skape) started
contributing, eventually becoming the third member of that core
development team.
The first two versions of the Metasploit Framework were written
in the Perl scripting language, ending with the 2.7 release in 2006.
Perl had a number of disadvantages, which led to a ground-up rewrite in
the Ruby language, started in 2005 and completed in 2007. By the end of
2007, both Spoonm and Matt Miller had left the project, and in an effort
to bring on a new team the source code was relicensed under the
three-clause BSD license, starting with version 3.2 in 2008. The license
change, combined with a stronger community-focused development team,
led to a huge boost to the vitality of the project.
On October 21, 2009, Rapid7, a vulnerability management solution
company, acquired the Metasploit Project. Prior to the acquisition, all
development of the framework occurred in the developers' spare time,
eating up most weekends and nights. Rapid7 agreed to fund a
full-time development team and still keep the source code under the
three-clause BSD license that is still in use today.
The Metasploit Project Today
In addition to devoting our time to updating and enhancing the
Metasploit Framework, we have been busy developing commercial solutions
for professional penetration testers and IT security staff who want a
more efficient solution for their everyday jobs.
In May 2010, we introduced our first commercial collaboration:
Metasploit Express. The affordable security solution provides
penetration testing capabilities to security professionals of all skill
levels. It makes testing easier by streamlining many of the common
penetration testing tasks most security professionals perform on a
day-to-day basis – we call it the penetration testing workflow.
Only a short five months later, we added Metasploit Pro to our
growing suite of commercial solutions. Metasploit Pro built on the
existing interface and feature set of Metasploit Express and added even
more advanced attack capabilities, including Web application scanning
and exploitation, social engineering campaigns, and VPN pivoting. We
built Metasploit Pro with penetration test teams in mind: it includes
multi-user support and enables teams to manage project access as well as
to orchestrate and synchronize multi-layer attacks. It's a
true expert system for red teams and individual penetration testers.
Metasploit Framework users told us that they found the tool hard
to use but couldn't always afford to upgrade to the full commercial
editions. In October 2011, we decided to make a basic version of our
robust commercial user interface available to the community free of
charge to make penetration testing more accessible, especially to new
users. Metasploit Community Edition simplifies network discovery and
vulnerability verification for specific exploits, increasing the
effectiveness of vulnerability scanners such as Nexpose – for free.
With over 1 million downloads over the last 12 months, we have been keeping busy.
The Metasploit Project Tomorrow
Our goals are and always will be to support open source
software, promote community involvement, and provide the most innovative
resources and tools for penetration testers all over the world. In
addition to exploring commercial solutions, we are committed to keeping
the Metasploit Framework free and open source. However, it's a lot of
work and we can't do it without you. That's why we need you more than
ever.