The Metasploit Project has updated its signature open-source exploit framework to Version 3.1, adding a new graphical interface for Windows that will boost the number of researchers and white hat hackers who are able to use the software.
"It's a minor update, but it's the result of 10 months of hard work," said HD Moore, the noted exploit researcher who created Metasploit and remains its project leader. "The big things in 3.1 is that we've solidified the APIs and added a GUI to Windows."
The latter, added Moore, means that the hard-to-use and sluggish Web-based interface of earlier versions for Windows is history. And that, in turn, means that more people will be able to use the framework. "Absolutely," Moore answered when asked if the new interface will expand the user base. "Metasploit 3.0 [on Windows] was difficult to use. This, though, is a platform we can build on."
Other enhancements planned for the near term - Moore cited a timeline of three or four months - will hopefully position Metasploit to be a closer competitor to commercial attack and penetration testing frameworks, like Immunity's Canvas or Core Security's Core Impact, he added.
Scores of new exploit modules are included with the update. Few, however, are unknown, since the bulk have been available to Metasploit users via its ongoing development tree, Moore said. They include several exploits for the iPhone that Moore made public in late September 2007.
Metasploit's update was important enough to rate a note from Symantec to customers of its DeepSight early-warning service. "In addition to the new Windows interface, this release includes exploits for an unpatched kernel level vulnerability for Novell Netware, a series of new 802.11 fuzzing modules that can be used to compromise numerous wireless devices and a collection of exploits for newly discovered vulnerabilities in Borland's InterBase product," read the Symantec warning.
In the past, Symantec researchers have recognised Metasploit as a bellwether product. Last July, for example, Alfred Huger, a Symantec vice president of engineering, cited Metasploit's special place in security software.
"Once we see something in Metasploit, we know it's likely we'll see it used in attacks," said Huger at the time, as he explained why Symantec had amped an earlier warning about a threat to Mac users. "Every Unix-based break-in that's not handcrafted - in other words, not with the attacker sitting at the keyboard during the attack - is made with a couple of different tools, and Metasploit is by far the most popular."
Moore estimated Metasploit's user base at 40,000 to 50,000 and echoed Huger's take that an exploit's appearance in the framework had significance. "That means an exploit is viable and that everyone has to prepare for it [to appear in the wild]," said Moore.
Metasploit Framework 3.1 can be downloaded from the project's website free of charge.