Metasploit v3.7.2 available (11 new exploits added)
The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community and Rapid7. It is the de facto standard for penetration testing, with more than one million unique downloads per year and the world’s largest public database of quality-assured exploits.
If you’re running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out penetration tests (often called “pentests”) on your own systems. This means you’re attacking your own systems in the same way a hacker would to identify security holes. Of course, you do this without actually harming the network.
Using the Metasploit Framework can be a little bit daunting if you’re a newbie, especially since using it requires knowledge of the penetration testing workflow and most interactions are through the command line. Luckily, the Web is full of how-tos, documents, videos, discussion forums and training providers for Metasploit Framework. We’ve taken the time to summarize the best ones in this section.
During the summer of 2003, HD Moore started the Metasploit Project as a public resource for exploit code research and development. Today, the Metasploit Framework, and its commercial counterparts, Metasploit Pro and Metasploit Express, have become the de facto standard for penetration testing and exploit code development.
For users who don’t have the time or resources to develop custom penetration testing tools or those who need automated, advanced multi-layer attacks, there is a commercial alternative to the Metasploit Framework. Introduced in 2010, Metasploit Express and Metasploit Pro offer commercial solutions for any organization’s penetration testing needs.
The Metasploit Framework will always be free and open source. The Metasploit Project and Rapid7 are fully committed to supporting and growing the Metasploit Framework as well as providing advanced solutions for users who need an alternative to developing their own penetration testing tools. It’s a promise.
You may also be interested in other security software related to Rapid7, including the free vulnerability scanner NeXpose Community Edition and the free open source web application scanner w3af. NeXpose is integrated with all Metasploit Editions to help you quickly identify vulnerabilities to exploit. w3af enables you to scan Web applications, identify Web vulnerabilities, and exploit them.
If you haven’t heard the terms penetration testing, security research, vulnerability, exploit, and payload yet, or you are not quite sure how they’re related, we suggest you check out this primer. It will help you get kick-started with the Metasploit Framework.
- Metasploit now ships with 698 exploit modules, 358 auxiliary modules, and 54 post modules.
- 11 new exploits, 1 new auxiliary module, and 15 new post modules have been added since the last release.
- MS11-050 IE mshtml!CObjectElement Use After Free
- AWStats Totals =< v1.14 multisort Remote Command Execution
- IBM Tivoli Endpoint Manager POST Query Buffer Overflow
- Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
- Magix Musik Maker 16 .mmm Stack Buffer Overflow
- VisiWave VWR File Parsing Vulnerability
- GoldenFTP PASS Stack Buffer Overflow
- DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
- 7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow
- 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
- 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
- Cachedump merged (#505, #310)
- Remote Registry commands for Meterpreter (#1894)
- Create a ROP gadget search tool (#4044)
- Update Nmap XML parsers to support Nokogiri parsing (#4578)
- db_import failing with ip360 XML imports (nCircle imports) (#4619)
- packetfu library – HSRP code (#4430)
- PCAPRUB support on Windows XP also in Debian 5.0.8 and Ubuntu 10.10 (#4558 / #4554)
- Egghunter now disables DEP (#4375)
- Sign the java_signed_applet with OpenSSL instead of RJB. (#3440)
- Add 64 bit linux shellcode (#4451)
- Regression in Meterpreter pivoting fixed (#4642)
- New tools Script – module_rank.rb (#4334)
- Enhancements to SMTP User Enumeration Utility (aux/scanner/smtp/smtp_enum) (#4031)