February 21st, 2005, 03:43 PM
Update on Metasploit and general thoughts on the tool
Someone just suggested this tool (http://metasploit.com/index.html) as another source for pen testing and exploit research. I bounced it off of a couple of other auditors here and they said that the tools crashes servers - I have a question back into them whether or not if they knew what specifically crashed those servers with metasploit and if the servers were patched.
From the site:
The metasploit product was just recently updated - I was going to download and test in our lab. Anyone use this product? Good/bad/indifferent?
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.
Let me know what you think please.
February 21st, 2005, 10:10 PM
It's been a long time since I played with this..... and I might be confusing it with something else....
Firstly, IIRC, it was frigging huge.... 40 or 60 megs I think....
Then I found it something of a pain and awkward to use.... I don't think you can beat Nessus.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
February 21st, 2005, 11:51 PM
Metasploit isn't a vulnerability scanner, it's an exploit framework.
It features an array of pre-built and automated exploits for virtually point-and-click exploitation...
Can it crash servers? Likely. It is after all actively exploiting the vulnerability.
For example, one of its most usefull payload is the VNC server: that's right, find a machine with ms-rpc unpatched, point metasploit at it, select your payload, launch, poof, you've got a VNC window on the machine...
Credit travels up, blame travels down -- The Boss