The Metasploit security testing tool now works more smoothly on Windows, according to its developers.
Metasploit 3.0 has been rewritten in Ruby to make it faster and less buggy for Windows users, who make up the great majority of the software's users according to Metasploit developer HD Moore.
"Ninety-eight percent of our entire user base runs on Windows and they were really poorly supported," Moore said. By rewriting the program, developers expect to attract new users who had previously been frustrated by the effort required to run Metasploit on Windows. "We're guessing that we'll probably get 20 to 30 percent more users just from our improved Windows support," he said.
Metasploit has been installed on more than 100,000 computers to date, Moore said. Within 12 hours of the 3.0 release yesterday, the new code had been downloaded by about 7,500 systems, despite a denial of service attack on the Metasploit.com web site.
The new version of the hacking tool includes a jazzed-up web interface and much more modest resource requirements on Windows PCs. Metasploit 2.7, which was written in Perl, uses between 128MB and 256MB of memory: with version 3.0 that has dropped to 32MB, Moore said.
With the rewrite, Metasploit now uses a modular architecture that will make it easy for developers to integrate new exploit code and testing tools into the software.
Previously the framework was focused on developing exploits, but with the 3.0 changes, the software can now be used to do new things like test networks for flaws and merge new hacking tools within the Metasploit framework, Moore said. "We're kind of the security tool amoeba at this point, where any time anyone has an interesting security tool, we can go, 'Great, absorb.'"
Metasploit developers have also tightened up the licensing terms for their software, which had previously been offered under both the GNU General Public License and the Artistic license, used by Perl.
Under the new Metasploit Framework License used by version 3.0, companies will no longer be able to sell the core Metasploit software, a practice that had been on the rise, according to Moore.
"We didn't want other companies reselling and repackaging it," he said. "We figured that people would be good community Samaritans and would contribute back to us ... but that wasn't happening."
Companies will be able to sell their own Metasploit modules, however, Moore said.