Metasploit 3.1 Takes Aim at Windows

Windows security researchers now don’t necessarily need to move to Linux to take full advantage of Metasploit 3.1.

Metasploit, a framework for developing, testing, and using exploit code, received its first major update since version 3 debuted in March 2007. (Allegedly, Metasploit has also been used in the past to help expedite Windows zero-day vulnerabilities.)

The new version promises numerous improvements, including hundreds of remote exploits for various platforms and technologies — including the iPhone. Metasploit 3.1 also provides full support for Windows with a complete graphical user interface.

“It may seem silly, but getting the Windows version of Metasploit to be usable was my biggest challenge,” Metasploit project founder H D Moore told InternetNews.com. “I come from a Unix background and have used Linux as a desktop almost exclusively since 1997.”

That’s not to say that Metasploit didn’t work in some form on Windows. Metasploit 3 offered Windows downloads, though it relied on a browser-based graphical user interface (GUI), as opposed to a full desktop client.

“The browser interface is nice, but it lacks the responsiveness and flexibility of a real GUI,” Moore said. “The new GUI not only provides a point-and-click interface for exploitation, it also exposes a console interface that is on par with the one most Unix users are familiar with. There are a number of features that are console-only — exploit automation, plug-ins, etc. — and this release finally brings users of the Windows platform the full capabilities of the framework.”

Already, the new version is seeing considerable traction among the security researcher community. Moore said that in the first four days of release, more than 10,000 unique IP addresses have downloaded version 3.1 of the Metasploit Framework.

Of these, about 6,500 downloaded the Windows installer, and about 3,000 downloaded the Unix version. The remainder downloaded both.

In addition to fuller Windows support, Metasploit 3.1 also benefits from a wide community involvement in the effort to develop new exploit modules. The shift in version 3 to the Ruby (define) development language proved a reason for growing contributions.

“In the 2.x versions of the framework, the core development team was responsible for nearly 80 percent of all exploit modules,” Moore said. “Since 3.0 has been released, this number is down to 50 percent. The number of regular contributors has jumped and many folks find the new API to be much more accessible — at least, once they get used to Ruby.”

Metasploit 3.1 marks the second version of Metasploit to be released under the Metasploit Framework License, which is not yet an officially sanctioned open source license listed or certified by the Open Source Initiative (OSI). Versions prior to Metasploit 3 had been made available under the GPL.

The fact that Metasploit is not totally available under a bona fide open source license isn’t a barrier to adoption, according to Moore.

“At the end of the day, what people care about is whether it works and how much it costs,” Moore said. “We have licensed large portions of the framework under true open source licenses and allow third-party developers to distribute their add-ons for the framework.”

The great thing about our current license is that it doesn’t prevent us from changing the license in the future,” he added. “We still have the option to release the entire framework under an open source software license if, and when, it makes sense. ”

This article was first published on InternetNews.com.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020