Tuesday, April 24, 2012

Metasploit : Penetration Testing Software


The Metasploit Project is an open-sourcecomputer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Initially Metasploit was Game in Perl. Later, the Metasploit Framework was completely rewritten in the Ruby programming language. In addition, it is a tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.
Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems to protect them and Metaspoit can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open core proprietary editions called Metasploit Express and Metasploit Pro.
Metasploit's emerging position as the de facto exploit development framework has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation of that particular bug. Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006. Metasploit 4.0 was released in August 2011.

So meh nak conclude, Metasploit Framework ni gunanya untuk Penetration Test. Aku dah bukak, dah try and aku rasa sangat bagus kepada sesiapa yang ingin belajar pasal vulnerable, exploit dan security. Sebelum ni aku pernah tengok video (dlam tahun 2010) pasal metasploit tapi waktu tu aku ni memang tak tah menahu pasai Metasploit mahupun Bactrack. Semasa tengok video tu aku rsa, ni lah video terbaik yang pernah aku tengok selain daripada video-video yang ada pada IronGeek. Banyak lagi yang perlu aku belajar tentag Metasploit ni, jadi sesiapa yang dah pro tu sila-sila lah ajarin saya. Heheh..

Akhir kata, apabila saya free nanti, saya akan buat sedikit tutorial mengenai Metasploit ni. Majulah sukan untuk negara.



No comments: