Update for Metasploit Exploit Tool

By Dave Nixon

In adding a new graphical interface for Windows that will boost the number of researchers and white hat hackers who are able to use the software, the Metasploit Project has updated its signature open-source exploit framework to Version 3.1.

HD Moore, the renowned exploit researcher and Metasploit creator stated “It’s a minor update, but it’s the result of 10 months of hard work. The big things in 3.1 is that we’ve solidified the APIs and added a GUI to Windows.”

The latter, added Moore, means that the complex and slow Web-based interface of earlier versions for Windows is history. And that, consequently, means that more people will be able to make use of the framework. “Absolutely,” Moore answered when asked if the new interface will expand the user base. “Metasploit 3.0 on Windows was difficult to use. This, though, is a platform we can build on.”

Moore cited a timeframe of three or four months for additional enhancements planned for the near term that will expectantly position Metasploit to be a closer competitor to commercial attack and penetration testing frameworks, like Immunity’s Canvas or Core Security’s Core Impact, he added.

A multitude of innovative exploit modules are incorporated into the update. Hardly any, however, are unknown, since the majority have been accessible to Metasploit users via its continuing development tree, Moore said. They include several exploits for the iPhone that Moore made public in late September 2007.

Metasploit’s update was significant enough to raise a communication from Symantec to customers of its DeepSight early-warning service. “In addition to the new Windows interface, this release includes exploits for an unpatched kernel level vulnerability for Novell Netware, a series of new 802.11 fuzzing modules that can be used to compromise numerous wireless devices and a collection of exploits for newly discovered vulnerabilities in Borland’s InterBase product,” read the Symantec warning.

Formerly, Symantec researchers accepted Metasploit as a bellwether product. Last July, for example, Alfred Huger, a Symantec vice president of engineering, quoted Metasploit’s particular place in security software.

“Once we see something in Metasploit, we know it’s likely we’ll see it used in attacks,” said Huger at the time, as he explained why Symantec had pushed a previous warning about a risk to Mac users. “Every Unix-based break-in that’s not handcrafted - in other words, not with the attacker sitting at the keyboard during the attack - is made with a couple of different tools, and Metasploit is by far the most popular.”

Moore projected Metasploit’s user base at 40,000 to 50,000 and echoed Huger’s position that an exploit’s appearance in the framework had implication. “That means an exploit is viable and that everyone has to prepare for it to appear in the wild,” said Moore.

Metasploit Framework 3.1 can be freely downloaded from the project’s website.