A major update to highly regarded open-source penetration testing tool Metasploit Framework (MSF) has been released by its volunteer developers. MSF is designed to exploit dozens of security holes with just a few clicks.
MSF 2.3, which made its debut on Tuesday after nearly five months of development, adds twelve new exploits and several new payloads, as well as speed and functionality improvements, developers said. The framework can be used to test several Unix systems, including Solaris and Mac OS X, as well as Windows and Linux, and comes with a total of 46 exploits and 68 payloads. It runs on most operating systems that can interpret the Perl scripting language, according to developers.
Exploitation framework tools such as Metasploit, which automate the exploitation of vulnerabilities, are increasingly important for protecting networks, according to industry observers. That's because of the increasing speed and efficiency with which attackers are able to make use of vulnerabilities, using automated tools of their own, analysts say.
Metasploit started off as a hobby, but has turned into a powerful and easy-to-use tool that rivals commercial competitors. Unlike the commonly available exploitation tools aimed at script kiddies, it is intended for exploit researchers and system administrators who want to test their own systems - its lead developer is HD Moore, a well-known IT security expert.
While there's nothing to stop attackers from using Metasploit to root out vulnerabilities, the developers say plenty of other tools are available to such malicious users. Instead, Metasploit gives system administrators access to the kinds of tools attackers are already using, its developers say. "This site was created to fill the gaps in the information publicly available on various exploitation techniques," the project said in a statement on its a href='http://www.metasploit.com/' target='_blank'>website.
Testing a site is a matter of a few mouse clicks and inputting some basic information, according to the project. The Framework includes three interfaces, one of which - called msfweb - is running as a demonstration on the project's site.
The new software is available here as a Unix archive or a Windows installer.