Metasploit Framework v2.1
The Metasploit Framework is an advanced open-source exploit development
and testing environment. Version 2.1 fixes many issues that users have
reported since the release of 2.0 and adds several new features.
The bug fixes alone are more than worth the time to upgrade. If you
currently use the Framework under Windows, we strongly urge that you
update to the 2.1 release; quite a few features and payloads simply don't
work right with version 2.0 and Cygwin.
This release includes 21 exploits and 27 payloads; many of these exploits
are either the only ones publicly available or just much more reliable
than anything else out there.
The Framework will run on any modern system that has a working Perl
interpreter, the Windows installer includes a slimmed-down version of the
Cygwin environment. We have tested the Framework on Linux, BSD, Mac OS X,
Solaris, AIX, and Windows (NT, 2000, XP, 2003).
Some highlights in this release:
- Many Cygwin induced bugs fixed
- Improved msfconsole tab completion
- Fixed problems with logging functionality
- Improvements on msfpescan to scan memory dumps from memdump.exe
- socketNinja tool for doing all sorts of connection foo
This release is available from the Metasploit.com web site:
- http://metasploit.com/projects/Framework/
Direct download links are provided below.
Unix-like operating systems:
- http://metasploit.com/tools/framework-2.1.tar.gz
Windows-based operating systems:
- http://metasploit.com/tools/framework-2.1.exe
You can subscribe to the Metasploit Framework mailing list by sending a
blank email to framework-subscribe [at] metasploit.com. This is the
preferred way to submit bugs, suggest new features, and discuss the
Framework with other users. This is also where we send out updates and
new modules. This mailing list is low traffic and archived online at:
- http://metasploit.com/archive/framework/threads.html
The Framework was written by spoonm and H D Moore, if you would like to
contact us directly, please email us at msfdev [at] metasploit.com. Don't
be shy, your feedback is very important. Drop us a line even if it is
just tell us that you use it!
We would like to thank everyone contributing to the metasploit project,
with special thanks to skape, optyx, and the anonymous user who made the
first donation to the metabeverage fund :)
This release added the following new exploit modules:
- windows_ssl_pct
- svnserve_date
- samba_nttrans
... and some nice improvements to many existing modules.
Check out the new "exploits" section at the Framework project page; you
can now download the latest versions of the exploit modules directly from
the web site. All new exploits developed before the final 2.2 release
will be made available via this page. Once we get some free time, we plan
on adding exploitation and usage notes to this page. A new module has
already been uploaded for the Squid NTLM buffer overflow bug...
Enjoy!
- spoonm and HD