Metasploit mailing list archives
Uses
From: ninjatools at hush.com (ninjatools at hush.com)
Date: Fri, 8 Oct 2004 23:14:58 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It seems very common for people to think that security is a very straightforward thing. And this seems to also apply for exploiting security flaws. While we have gotten to a state where a lot of automation, and environments like metasploit exist, we aren't talking about the Microsoft Word of security exploitation. It's always frustrating when we get tons of posts of people thinking that all that goes beyond the seems is so simple ("Where's my shell!!!"). Metasploit is not a vulnerability scanner, and it will not tell you what exploits are available against a remote machine. Some exploits include "check" functionality to test if the machine may be exploitable, but these have to be explicity individually run. I think the type of tool you should be looking at would be a vulnerability scanner. Free tools exist such as nessus, and there are many commercial companies based on vulnerability assessment. Now, sorry to go off topic on you a bit, I just figured I'd address a lot of the type of emails we get in one big swoop... If you are not an IT person, then the sort of things Metasploit does are most likely much too advanced for you. Although you may be able to stumble your way to a shell, I would not suggest it. Metasploit is a tool to augment a security researcher or professional, it's not a tool to bring computer security to non-technical people. Anyway, good luck, check out nessus and similiar tools, they come with lots of documentation and seem to be exactly what you are looking for! Thanks - -spoon On Fri, 08 Oct 2004 22:58:39 -0700 Gerald Michael Wieczorek <wieczor8 at msu.edu> wrote:
Do I understand this right,with metasploit I can type in an IP and it will tell me what exploits are available on that pc to obtain root? I could use this to check my execs PC's at home for security risks.I am not an IT person excuse the post if its off subject. Gerald
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkFngecACgkQtCeTLzI39eMu7QCfftqacRfowrljDeCIVTXan1JHxtEA oKyuKRpfhTXzEf1VwjxPnSyIysuD =VjN9 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
Current thread:
- Uses Gerald Michael Wieczorek (Oct 08)
- <Possible follow-ups>
- Uses ninjatools at hush.com (Oct 08)