Metasploit attack framework reaches version 4

After five years in development, the Metasploit development team has released version 4.0 of its popular open source exploit framework. The release offers 20 new exploits that can be used to test computers for vulnerabilities. The developers have added 14 new post-exploitation modules; these can be used for such purposes as stealing BitCoin wallets or spying out the access credentials for popular FTP clients. There are also three new auxiliary modules.

The Metasploit developers have added a range of ASCII art banners to enhance users' console experience Six of the exploits originated from the Metasploit Bounty Program. As part of this program, the project team awarded up to $500 for exploits for specific holes. Metasploit now offers a total of 716 exploits, 361 auxiliary modules and 68 post-exploitation modules. Vulnerable systems range from Windows and Solaris to Apple's iOS mobile operating system. Metasploit can even be used to examine SCADA systems that are, for instance, used to control industrial facilities in power plants.

More details about this major update can be found in the release notes and in a post on the Metasploit blog, which moved to the Rapid7 Community site in May. Metasploit 4 is available to download from the project's site; update instructions are provided. Metasploit is released under a three-clause BSD licence.

See also:

• Rapid7 acquires the Metasploit project, a 2009 report from The H.

(crve)