By Robert McMillan
IDG News Service
March 27, 2007

Developers have released a major update to the Metasploit security
testing tool designed to run more smoothly on the Windows operating

Metasploit 3.0, released early Tuesday morning, has been rewritten in
the Ruby programming language to make the software faster and less buggy
for Windows users, who comprise the great majority of the software's
audience, according to Metasploit developer HD Moore.

"Ninety-eight percent of our entire user base runs on Windows, and they
were really poorly supported," Moore said. By rewriting the program,
developers expect to attract new users who had previously been
frustrated by the effort required to run Metasploit on Windows. "We're
guessing that we'll probably get 20 to 30 percent more users just from
our improved Windows support," he said.

Metasploit has been installed on more than 100,000 computers to date,
Moore said. Within 12 hours of the 3.0 release, the new code had been
downloaded by about 7,500 systems, despite a denial-of-service attack on
the Metasploit.com Web site.

The new version of the hacking tool includes a jazzed-up Web interface
and much more modest resource requirements on Windows PCs. Metasploit
2.7, which was written in the Perl language, uses between 128MB and
256MB of memory. With version 3.0, that requirement has dropped to 32MB,

With the rewrite, Metasploit now uses a modular architecture that will
make it easy for developers to integrate new exploit code and testing
tools into the software.

Previously the framework was focused on developing exploits, but with
the 3.0 changes, the software can now be used to do new things such as
test networks for flaws and merge new hacking tools within the
Metasploit framework, Moore said. "We're kind of the security tool
amoeba at this point, where anytime anyone has an interesting security
tool, we can go, 'Great, absorb.'"

Metasploit developers have also tightened up the licensing terms for
their software, which had previously been offered under both the GNU
General Public License and the Artistic License, used by Perl.

Under the new Metasploit Framework License used by version 3.0,
companies will no longer be able to sell the core Metasploit software, a
practice that had been on the rise, according to Moore.

"We didn't want other companies reselling and repackaging it," he said.
"We figured that people would be good community Samaritans and would
contribute back to us ... but that wasn't happening."

Companies will be able to sell their own Metasploit modules, however,