Metasploit Framework. Opinions?

**Gadsden** · October 11, 2004, 16:45

Originally posted by pr0zac0x2a

I've been playing around with the metasploit framework (www.metasploit.com) off and on the past couple weeks and have found it to be a really interesting tool. Still haven't decided exactly how I feel about the ease of use however. Thought I'd ask what others think of this thing and process the opinions / point of views. Amazing advance in penetration testing tools, or amazing advance in script kiddie tools?

-zac

More or less both... that can be said about many tools out there.

**Gadsden** · October 11, 2004, 18:41

Originally posted by 0versight

Do they contact the developers of the vulnerable code before releasing the exploit? I didnt find such information on the website or their introduction .pdf that was shown at defcon 2004.

As far as I know (and as far as I have observed), all the exploits are public and have already been posted, etc. I have never seen a 0-day in it.

**dev_zero** · October 12, 2004, 04:12

I will call this a script-kiddie tool. It hasn't much options like Nessus has when it comes to finding security holes. Basicly it's just a type and press enter script-kiddie tool. Nessus is what I call a penetration testing tool.. Another tool in the penetration testing category is Core Impact. I haven't tried it out though, because it's not free :(
But one thing is nice about The Metasploit project. You can learn a little bit about shellcoding and exploit writing.

**Gadsden** · October 12, 2004, 19:18

Originally posted by dev_zero

I will call this a script-kiddie tool. It hasn't much options like Nessus has when it comes to finding security holes. Basicly it's just a type and press enter script-kiddie tool. Nessus is what I call a penetration testing tool.. Another tool in the penetration testing category is Core Impact. I haven't tried it out though, because it's not free :(
But one thing is nice about The Metasploit project. You can learn a little bit about shellcoding and exploit writing.

But it is damn handy to have if you are doing a pentest.. Nessus is just as much as a script kiddie tool if you look at it that way... it is all automated attacks. Personally, if I am getting paid to do a pentest, I want to have all the tools I need to get the job done and get paid. It is a very handy tool for learning as well, as are many of the tools out there. It is what you make of it.

**dev_zero** · October 13, 2004, 04:01

Originally posted by che

But it is damn handy to have if you are doing a pentest.. Nessus is just as much as a script kiddie tool if you look at it that way... it is all automated attacks. Personally, if I am getting paid to do a pentest, I want to have all the tools I need to get the job done and get paid. It is a very handy tool for learning as well, as are many of the tools out there. It is what you make of it.

Yes, I can't argue with that. I suppose you can use both of the tools to pentest a network or machine.. First scan it with nessus then try the exploits. Slightly modified if needed. Not a bad idea.

Metasploit Framework. Opinions?

Metasploit Framework. Opinions?

Comment

Comment

Comment

Comment

Comment