The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits 104 payloads 17 encoders and 3 nop modules. Additionally 30 auxiliary modules are included that perform a wide range of tasks including host discovery protocol fuzzing and denial of service testing.
Metasploit is used by network security professionals to perform penetration tests system administrators to verify patch installations product vendors to perform regression testing and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Metasploit runs on all modern operating systems including Linux Windows Mac OS X and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface the command line scripting interface or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
The latest version of the Metasploit Framework as well as screen shots video demonstrations documentation and installation instructions for many platforms can be found online at http://framework.metasploit.com/
Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby scripting language. The development process took nearly two years to complete and resulted in over 100 000 lines of Ruby code. As such there are some notable differences between version 2.7 and 3.0:
* The Fs Sys Net and Process extensions in the Metasploit 2.7 Meterpreter have been combined into a single extension that is automatically loaded in Metasploit 3. The "stdapi" extension can be used to manipulate files list and manage processes migrate the payload into a new process edit a file on the server forward a port execute a command and many other tasks. The "priv" extension (accessible by the "use priv" command) provides the hashdump command for dumping password hashes and the timestomp command for erasing file system timestamps.
* The Meterpreter shell provides an "irb" command thats allows interactive scripting of a compromised system. One of the features of the Metasploit client API is the the ability to read and write the memory of any accessible process on the exploited system all from inside a Ruby shell. When combined with a Meterpreter script (started with the "run" command from inside Meterpreter) this feature can be used to backdoor running applications or steal in-memory credentials.
* The Metasploit console provides an "irb" command (on Unix systems only) thats allows direct access to the Ruby internals at runtime. This can be used to modify the behavior of the framework interact with existing connections and as a development environment for plugins.
* The Metasploit console interface has a new "route" command that allows all network connections to a given subnet to be routed through an existing session. This can be used in conjunction with the Meterpreter payload to relay attacks through exploited systems.
* Database support is provided via a set of plugins and a standard command interface. The database can be used to track host information during a penetration test and launch automated attacks against a network (db_autopwn). The current release can import both Nessus NBE files and Nmap XML output files. Data provided by these tools can be used to cross-reference open ports and vulnerabilities with Metasploit modules.
* User options have been separated into three types: standard advanced and evasion. Evasion options allow the user to bypass IDS and IPS systems by specifying how exploit data is generated and delivered. Evasion options are available for most exploits with particular attention paid to the SMB DCERPC and HTTP protocols.
* A plugin system allows developers to add their own commands to the console interface hook framework events and extend the framework at runtime without having to modify the base code. Examples plugins have been included in the "plugins" subdirectory of the framework. Example plugins include an "auto-tagger" a socket filter a telnet service and a number of database and debugging plugins.
* An event subscription system allows modules and plugins to wait for specific events and automatically perform different actions. This feature can be used to hook socket operations filter data flows and automated post-exploitation tasks.
* Metasploit modules can import methods and behaviors from a huge library of Ruby Mixins. This release includes support for protocols such as SMB DCERPC FTP IMAP NDMP SMTP and SUNRPC. Mixins are also provided for developing brute force exploits creating egghunters injecting user-land payloads from the Windows kernel exploiting SEH overwrites sniffing network traffic and injecting raw WiFi frames.
* Metasploit modules are now organized in a directory structure instead of a single flat directory. A caching system provides faster loading times. The result is a scalable system that can manage hundreds of different modules at a time (over 300 alone in this release).
* Thanks to Ruby's in-process threading support it is possible to share a single Metasploit instance with other users exploit multiple hosts at the same time and run persistent background services while only consuming the system resources of a single process. The msfd plugin adds a telnet interface to an existing Metasploit instance.
* The new Auxiliary module type allows the development of almost any form of security or attack tool. Auxiliary modules have complete access to the Metasploit attack and protocol libraries and can be used to quickly develop research tools and proof-of-concepts.
* Subversion is now used for online updates and version control. This allows users to easily switch between the development and stable version of the framework and obtain online updates using any transport supported by Subversion.
* This release includes three exploit modules that exploit WiFi driver vulnerabilities in the Windows kernel. Combined with the kernel user-land payload stager this allows any Metasploit payload to be used with ring-0 exploits on the Windows platform. A handful of auxiliary modules are included that trigger denial of service conditions in WiFi drivers across a variety of platforms.
* Metasploit is now released under the Metasploit Framework License. This license allows anyone to use the framework for almost anything but prevents commercial abuse and outright code theft. The Metasploit Framework License helps keep the platform stable and still allows module developers to choose their own licensing terms for their code (commercial or open source). For more information please see the license document included in the distribution.
* The Rex library which provides most of the utility methods and protocol support for the framework has been released under the 3-clause BSD license. Ruby developers can use this code to build open source or commercial applications that are not subject to the restrictions of the Metasploit Framework License.
- The Metasploit Staff