Metasploit Project - a project dedicated to information security . Designed to provide information about vulnerabilities , help create signatures for IDS , create and test exploits . The most famous project is the Metasploit Framework , a convenient platform for creating and debugging exploits . In addition, the project includes an opcode database, a shellcode archive, and information security research information.
| Metasploit framework | |
|---|---|
 | |
| Type of | Information Security |
| Developer | Rapid7 |
| Written on | Ruby |
| operating system | Linux and others. UNIX-like , Windows |
| Latest version | 4.17.33 (December 26, 2018) |
| condition | BSD license |
| License | Framework: BSD , Community / Express / Pro: Proprietary |
| Site | metasploit.com |
Metasploit was created in July 2003. Version 1.0 was written in Perl and contained a curses- based pseudo - graphic interface. The author was HD Moore. When working on the second (2.x) version, Matt Miller and several volunteers joined the HD Moore. The third version was completely rewritten in Ruby , it was developed by Metasploit LLC (founded by developers in 2006). In 2008, the Metasploit Framework license was changed from proprietary to BSD . In 2009, Rapid7, a vulnerability management firm, announced the acquisition of Metasploit, a popular open-source, dual-purpose open-source penetration test suite . The non-commercial version of the utility will still be available to everyone.
Like commercial counterparts, the free version of Metasploit can be used by both system administrators and security experts to protect computer systems, as well as hackers or crackers / scripts to gain unauthorized access to remote systems.
Content
Metasploit Framework
A tool for creating, testing and using exploits. Allows you to design exploits with the “payloads” necessary in a particular case, which is performed in case of a successful attack , for example, installing a shell or VNC server. Also, the framework allows encrypting shellcode, which can hide the fact of an attack from IDS or IPS. To conduct an attack, you need information about the services installed on the remote server and their versions, that is, you need additional research using tools such as nmap or nessus .
Opcode Base
A tool needed to write new exploits . Allows you to write exploits that run under different versions of operating systems.
Literature
- Abhinav Singh. Metasploit Penetration Testing Cookbook. - Packt Publishing, 2012 .-- 268 p. - ISBN 978-1-84951-742-3 .
- John Snow work Factory sploits: learning to write exploits for the Metasploit Framework // Hacker . - December 2009.
Links
- The Metasploit Project Official Site
- Metasploit Unleashed Documentation from Offensive Security
- Metasploit resource resource portal