Tool used for penetration testing and skr1pt k1dd13z
- Developer: Rapid7
- Release Date: 2003
The Metasploit Project is a tool written in Ruby and used to test networks for potential security vulnerabilities either on the user's own "box" (techie talk for "server") or on a system they administrate or have otherwise received permission to test. It's become the standard program used in network penetration testing by white hats and security experts, and its frequent updates keep it useful.
Metasploit is also well-known as a tool skiddies use when they're trying to show off their 1337 sk1LLz to their Mountain Dew-swilling pals. Given Metasploit's efficiency as a penetration testing program, these skiddies often succeed, leading them to a rip-roaring case of USI. A lot of these types a) couldn't code their way out of a wet paper bag and b) don't know how to cover their tracks, so they're easily detected by any sysadmin with half a brain and just as easily caught. Many of the more sophisticated exploits available require information obtainable with nmap or Nessus, both of which require a little technical know-how to use.
Metasploit has also been the subject of a few hilarious YouTube videos, mostly due to experienced grey- or white-hats showing legitimate usage of the tool and being swarmed by script kiddies in the comments, all thinking it's s00per c00l to use Backtrack and Metasploit while having absolutely no idea how or why it was made.
The Metasploit project was founded in 2003 by HD Moore. It was originally written in Perl but has been in Ruby since version 3.0.
Metasploit is still frequently updated and is now commercially available in both Metasploit Pro and Metasploit Express.
- It is the largest collection of pre-compiled tools and exploits.
- Any skiddie worth his or her salt uses Metasploit.
- Metasploit is one of the largest Ruby projects today, comprising over 700,000 lines of code.
- People who use Metasploit are either legitimate security testers or wannabe h4x0rz.