Past, present and future of Metasploit
by Mirko Zorz - Friday, 22 October 2010.
HD Moore is the CSO at Rapid7 and Chief Architect of Metasploit, an open-source penetration testing platform. HD founded the Metasploit Project with the goal of becoming a public resource for exploit code research and development. Rapid7 acquired Metasploit in late 2009. In this interview HD Moore talks about the transition to Rapid7, offers details on the development and different versions of Metasploit and discusses upcoming features.

What was it like bringing a rather famous open source product with a dedicated user-base like Metasploit into a corporate environment with Rapid7?

The presence of Rapid7 behind the Metasploit Project has dramatically increased the acceptance of our software within corporate environments. A little-known fact is that customers of our commercial products also receive partial support for the open source product as part of our standard contract. This provides a level of commercial support that was not available previously.

How much did the opportunities within Rapid7 increase Metasploit development?

In the last twelve months since the acquisition, Metasploit has increased its user base by five-fold, almost doubled the number of exploit modules, and added over 150,000 lines of new code. This growth rate is due to a combination of the six dedicated developers on the core team as well as increased outreach and contributions from the community.

Most of the features in the commercial products are rooted in functionality we contributed to the open source code base. This dependency between commercial and open source allows us to continue focusing resources on the free code even while we are actively working on the commercial product line.

How much did the Metasploit user-base grow since it's been under the Rapid7 umbrella?

We track our user base through a combination of unique IPs hitting our online update (SVN) server. This metric represents users who actually update the product after installing it, so we feel it is more accurate than raw download counts. Prior to the acquisition, this number was approximately 22,000 unique IPs per month.

As of last September, we are at approximately 120,000 unique IPs, or a five-fold increase in active users. If we look at a combination of unique IPs that have downloaded or updated the framework over the last twelve months, the total number is now greater than one million.

What are the differences and features of the different Metasploit versions available today?

The Metasploit Framework is our open source "core"; it is provided under the liberal BSD license and it's still where most of our development efforts are spent.

The Metasploit Express product provides a GUI (web-based) and access to all of the standard Metasploit Framework features, but also exposes a workflow for conducting penetration tests with Metasploit. While the Metasploit Framework can be considered a bag of tools, Metasploit Express combines those tools to accomplish specific tasks.

The Metasploit Express interface walks through the process of scanning, exploiting, and bruteforcing a target network. Evidence can be quickly collected from compromised machines and fed back into the exploit and bruteforce tasks to go even further, using techniques like Pass-the-Hash and SSH key reuse. After the penetration test is complete, high-quality reports can be generated and used to report the findings and provide an audit log of every action taken during the test.

