New version of Metasploit vulnerability finder
Version 3.2 of the Metasploit
exploitation development and attack framework has been released,
giving malicious hackers and security specialists a bevy of new
penetration techniques.
Metasploit contains a wide-ranging library of vulnerabilities
found in popular programs and automated and assistive procedures
that exploit those vulnerabilities to gain entry into a system.
Security professionals can use the framework to build exploits to
test for holes in their own systems, mimicking the actions of possible attackers.
They can control the software using a command-line or graphical
user interface.
Last summer, when news news of the Domain Name System (DNS)
vulnerability broke, security researchers developed a Metasploit
module to automate the process of poisoning a DNS
server.
For the new version, developers revamped the module system and
added a new debugger and payload-encoding system. Exploit modules
have been added for token hopping, packet injection,
man-in-the-middle packet captures, dynamic link library injection
and a variety of client-side browser exploits. The new version also
supports IPv6 payloads.
It is the first version of Metasploit to be covered under the
BSD open-source license, and it is free todownload for Microsoft Windows, Apple Mac OS X, Linux and
most variants of BSD.
About the Author
Joab Jackson is the senior technology editor for Government Computer News.