Metasploit, the best-known and easiest-to-use security penetration testing toolkit, has just released a new version, 3.5. This version includes many anticipated updates to the framework, which is used by white hats and black hats alike. Here is a look at the highlights of the tool. If you haven't used Metasploit before, or it's just been a while, I highly recommend you download it immediately and use it to test your network systems. It is also a great tool for testing the efficacy of your IPS sensors. So what's new in version 3.5?
First, Metasploit now has 613 exploit modules and 306 auxiliary modules to choose from. That is up from the 551 exploits and 261 auxiliary modules available in 3.4. The new exploits include the latest Adobe, Windows OS, Java and wireless exploits.
The GUI of Metasploit is also completely new. The old web GUI has been deprecated and replaced with a slick new one. The new GUI is Java based and performs much faster than the previous one. Behind the new GUI lie improvements in the database backend, PostgreSQL. These make the database faster and better able to handle imports/exports.
Tons of bug fixes are in the 3.5 release. A definite focus on creating cleaner, more stable code is paying dividends, and this release proves it. Over 130 bugs have been fixed since release 3.4.
The Nessus plug-in is now included in the standard build. This allows you to run full Nessus scans within Metasploit. Windows users also now get a tabbed native console.
All in all the new Metasploit version feels faster and more stable. The addition of the new exploits proves that Metasploit isn't going anywhere. And true to their word, Metasploit is still FREE!
What are your experiences with Metasploit? Any good tips to share with others?
For more info on Metasploit go to:
Read on Metasploit Pro (for fee) addition here:
The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council - Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.