The Metasploit Framework is an advanced open-source exploit development platform. The 2.2 release includes three user interfaces, 30 exploits and 40 payloads. Additionally, this is the first public release to contain the new in-memory DLL-injection system[1] and the VNC (remote desktop) payload[2].
The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
Some highlights in this release: - Handful of useful new exploit modules (lsass, afp, etc) - The Win32 DLL-injection payload system has been integrated - A new SMB library has been added (used with lsass) - The DCERPC library has been overhauled (frag support) - The socket API has been rewritten and enhanced - Payload encoders have been written for PPC and Sparc architectures - A "polymorphic" x86 encoding engine has been added (1.5m combos) - The x86 nop generator now supports smart random nop sleds - Massive improvements to the crash course user guide - Online updates via the new 'msfupdate' script
The 2.2 release is the first version which embraces third-party development. The API should remain stable for the foreseeable future. An exploit module tutorial is included in this release and can be found in the sdk subdirectory.
The Framework was written by spoonm and H D Moore, with additional help from skape, optyx, and a handful of other contributors. Check out the 'Credits' exploit module for a complete list of developers.
You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe [at] metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.
If you would like to contact us directly, please email us at: msfdev [at] metasploit.com.
Starting with the 2.2 release, it is now possible to perform a system-wide installation of the Framework. Simply extract the tarball into the directory of your choice and create symbolic links from the msf* executables to a directory in the system path. Users may maintain their own exploit module collections by placing them into ~/.msf/exploits/. If you are interested in adding the Framework to a operating system distribution, please drop us a line and we will gladly help with the integration and testing process.
Awesome news! Actually, I've never visited this page before, its amazing! There is all sorts of cool links and papers to grab, really worth the visit even if you don't use Metasploit.
ssj4conejo
Aug 13 2004, 01:47 AM
metasploit is a great project. i'm glad to see it being updated continously. = )
twistedps
Aug 13 2004, 05:45 AM
if only they could keep the opcode database up to date
mrBob
Aug 13 2004, 08:25 PM
hmm, looks interesting gonna take a look thanx
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
