Metasplot Framework 3.3 Released

HD has posted on the Metasploit Blog that MSF3.3 has been released.
From the release note its looks like the guys have been hard at work, and I assume some of this is also due to the Rapid7 support.
I have updated this on my BT4 box and look forward to checking it out later in the week.

Get yourself updated now.

Tuesday, November 17, 2009

Metasploit Framework 3.3 Released!

We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs were fixed since last year’s release of version 3.2, making this one of the more well-tested releases yet.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the Apple® iPhone™. Installers are available for the Windows and Linux platforms, bundling all dependencies into a single package for ease of installation. The latest version of the Metasploit Framework, as well as images, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://www.metasploit.com/framework/.

This release of the Metasploit Framework was driven by numerous key contributors, including James Lee, Yoann Guillot, Steve Tornio, MC, Chris Gates, Alexander Kornbrust, Ramon Carvalle, Stephen Fewer, Ryan Linn, Lurene Grenier, Mike Kershaw, Patrick Webster, Max Moser, Efrain Torres, Alexander Sotirov, Ty Bodell, Joshua Drake, JR, Carlos Perez, Kris Katterjohn and many others.

The startup speed up the Metasploit Console and all utilities has been greatly improved due to performance patches by Yoann Guillot and a string processing overhaul by James Lee. Metasploit now fully supports the 1.9.1 version of the Ruby interpreter, clearing the way for support under a variety of alternate Ruby VMs in the future.

The Windows installation now includes a fully-functional console interface, using Cygwin and RXVT as a front-end to the framework. The Windows installer now runs on all supported versions of Windows, from Windows 2000 to Windows 7. The Windows version of Metasploit is now portable and can be silently installed via the /S /D=Dest parameters.

The Linux installers now include everything needed to run the Metasploit Framework on most versions of Linux released over the last five years. The official Linux installers are recommended for anyone using a Linux distribution other than Ubuntu (8.04+). These installers include Ruby 1.9.1, Subversion 1.6.6, and all dependencies, along with convenient scripts for keeping the framework updated.

MSF3-3

HD Moore and Metasploit go to Rapid7

This is most likely not breaking news to anyone in the InfoSec community, as it came out last week. However I thought it might be of interest to those who live under a rock and have yet to hear.

So its true, HD Moore and Metasploit have been acquired by Rapid7. Oh no I hear you cry, bye bye to the awesomeness of opensource Metasploit. Well apparently not (and I hope its true), its my understanding that Metasploit will continue to have the Opensource side of the project we know and love. I am not sure how much of a reflection this will have to the Rapid7 NeXpose offering that they are looking to enhance with this acquisition, I am sure time will tell.

Personally, HD Moore has always come across as a great guy, and I wish him all the best to him and his family, and any of the other guys that are fortunate enough to be involved. Of course I also have a selfish side, so I do home we continue to be able to benefit from opensource Metasploit, and it continues to grow and develop.

October 21, 2009

I’m extremely pleased to announce Rapid7’s acquisition of Metasploit, the leading open source penetration testing framework and world’s largest database of public, tested exploits. We believe the acquisition deepens our leadership as the leading provider of vulnerability management, compliance and penetration testing solutions and will provide great value for our customers and partners.

As a result of the acquisition, we will leverage Metasploit technology to enhance our vulnerability management solution, Rapid7 NeXposeTM. At the same time we will not only maintain, but accelerate the open source framework Metasploit with dedicated resources and contributions. I’m also pleased to announce that HD Moore, the founder of Metasploit, will be joining Rapid7 full-time as Chief Architect of Metasploit and Chief Security Officer of Rapid7.

Mike Tuchen,
President & CEO, Rapid7