Security Watch | Matt Hines » Metasploit Project updates framework

March 27, 2007

Metasploit Project updates framework

The Metasploit Project released the latest iteration of its software platform, which is designed for use by developers of penetration testing tools and other security applications, and by people creating vulnerability exploits.

Metasploit -- founded by researcher H.D. Moore in 2003 and best known for its month-long explorations into different categories of common software vulnerabilities, such as in its Month of Browser Bugs and Month of Kernel Bugs projects -- reports that the new version 3.0 release of the development framework contains 177 individual exploits, 104 payloads, 17 encoders, and 3 NOP modules for users to play around with.

The updated Metasploit Framework also includes a number of other new tools for use on tasks including host discovery, protocol fuzzing, and denial of service testing, according to the group's stat sheet for the 3.0 release.

Metasploit organizers describe the framework as suited for use by IT administrators carrying out pen testing and patch installation verification, and product makers testing the security limitations of their technologies, along with its core audience of researchers.

The release is labeled as a "from-scratch re-write" of the project's previous platform in the Ruby programming language; the effort took two years to complete and resulted in over 100,000 lines of software code.

Moore said in an e-mail that the re-write will benefit the various classes of Metasploit users in different ways.

"The best feature really depends on the user," he said. "Metasploit 3.0 is much faster and stable for Windows users, compared to the Cygwin-based 2.7. Penetration testers will benefit from the new Meterpreter and automation features."

"Researchers will benefit from the open-source Rex API and the new auxiliary module format, which allows the framework to be used as a generic security tool development platform."

Among the significant improvements promised through the revamp are the availability of a single process extension, an upgraded Metasploit API, direct access to the framework's Ruby internals at runtime, and new exploit payload relay capabilities.

Other changes include wider database support, a new evasion user option intended to help bypass intrusion detection and intrusion prevention systems, and an event subscription system that lets exploit modules and plugins wait for specific events and automatically perform different actions when they occur.

Moore writes that one new piece of the framework in particular is proving to be a hit.

"The popular gimmick feature is the db_autopwn command; this command (accessible after loading a database plugin), allows the user to import Nessus and Nmap output files into the framework, and then automatically cross-reference and exploit hosts based on what modules match the open ports and discovered vulnerabilities," Moore said.

"The BackTrack 2.0 Live CD has "on boot" support for this mode -- you can pop the CD into a machine, reboot it, and it will automatically exploit every system on the local network."

A full list of the framework upgrades is available here.

Posted by Matt Hines on March 27, 2007 11:26 AM

