Metasploit version 3.1 adds iPhone support
Version 3.1 of exploit framework Metasploit has been released. The most important changes since version 3.0, released around 10 months ago, are a Windows graphical interface, numerous integrated tools and additional modules. In developing the GUI, which now provides a file and process browser, Metasploit developer H.D. Moore received support from security specialist Fabrice Mourron. The tools include the METASM suite, written in Ruby, which includes an assembler, disassembler, compiler, linker and debugger.
Metasploit now also includes tools and modules for investigating vulnerabilities in Apple's iPhone. The heapLib browser exploit library, a revised version of the Lorcon and Scruby WiFi tools and the Ruby version of the Scapy packet generator and analyser are among the new modules, taking the total to 450.
Metasploit runs under Linux, BSD, Mac OS X and Windows. For Unix derivatives, a tar archive is available to download. A 32 Mbyte installer can be downloaded for Windows. As well as Nmap and Winpcap, it also installs the GTK graphics toolkit. However, supply and use of Metasploit is not without its complications. According to expert legal opinion, exploits represent at best a grey area for German users as a result of recent anti-hacker legislation, currently the most stringent in Europe. "Depending on its purpose, an exploit could in itself be unlawful. Whether this applies to testing of exploits generated by IT security staff against known security vulnerabilities which need to be closed is very questionable - these could be objectively intended for benign purposes," according to an opinion from lawyers at EICAR. In the UK, although using such tools would probably only be unlawful if they were deployed against other peoples' systems without authorisation, similar uncertainty surrounds their supply, by virtue of the recently amended Computer Misuse Act, which effectively requires the supplier to pre-judge the intentions of the customer.