Announcement

Collapse
No announcement yet.

Metasploit Framework. Opinions?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Metasploit Framework. Opinions?

    I've been playing around with the metasploit framework (www.metasploit.com) off and on the past couple weeks and have found it to be a really interesting tool. Still haven't decided exactly how I feel about the ease of use however. Thought I'd ask what others think of this thing and process the opinions / point of views. Amazing advance in penetration testing tools, or amazing advance in script kiddie tools?

    -zac
    %54%68%69%73%20%69%73%20%6E%6F%74%20%68%65%78

  • #2
    Originally posted by pr0zac0x2a
    I've been playing around with the metasploit framework (www.metasploit.com) off and on the past couple weeks and have found it to be a really interesting tool. Still haven't decided exactly how I feel about the ease of use however. Thought I'd ask what others think of this thing and process the opinions / point of views. Amazing advance in penetration testing tools, or amazing advance in script kiddie tools?

    -zac
    More or less both... that can be said about many tools out there.
    Happiness is a belt-fed weapon.

    Comment


    • #3
      Originally posted by 0versight
      Do they contact the developers of the vulnerable code before releasing the exploit? I didnt find such information on the website or their introduction .pdf that was shown at defcon 2004.
      As far as I know (and as far as I have observed), all the exploits are public and have already been posted, etc. I have never seen a 0-day in it.
      Happiness is a belt-fed weapon.

      Comment


      • #4
        I will call this a script-kiddie tool. It hasn't much options like Nessus has when it comes to finding security holes. Basicly it's just a type and press enter script-kiddie tool. Nessus is what I call a penetration testing tool.. Another tool in the penetration testing category is Core Impact. I haven't tried it out though, because it's not free :(
        But one thing is nice about The Metasploit project. You can learn a little bit about shellcoding and exploit writing.
        -- dev_zero@

        Comment


        • #5
          Originally posted by dev_zero
          I will call this a script-kiddie tool. It hasn't much options like Nessus has when it comes to finding security holes. Basicly it's just a type and press enter script-kiddie tool. Nessus is what I call a penetration testing tool.. Another tool in the penetration testing category is Core Impact. I haven't tried it out though, because it's not free :(
          But one thing is nice about The Metasploit project. You can learn a little bit about shellcoding and exploit writing.

          But it is damn handy to have if you are doing a pentest.. Nessus is just as much as a script kiddie tool if you look at it that way... it is all automated attacks. Personally, if I am getting paid to do a pentest, I want to have all the tools I need to get the job done and get paid. It is a very handy tool for learning as well, as are many of the tools out there. It is what you make of it.
          Happiness is a belt-fed weapon.

          Comment


          • #6
            Originally posted by che
            But it is damn handy to have if you are doing a pentest.. Nessus is just as much as a script kiddie tool if you look at it that way... it is all automated attacks. Personally, if I am getting paid to do a pentest, I want to have all the tools I need to get the job done and get paid. It is a very handy tool for learning as well, as are many of the tools out there. It is what you make of it.
            Yes, I can't argue with that. I suppose you can use both of the tools to pentest a network or machine.. First scan it with nessus then try the exploits. Slightly modified if needed. Not a bad idea.
            -- dev_zero@

            Comment

            Working...
            X