Metasploit mailing list archives

Extending Metasploit 3.0 to Vulnerability Scanning


From: cbyrd01 at gmail.com (Chris Byrd)
Date: Tue, 11 Oct 2005 09:37:52 -0500

On 10/7/05, mmiller at hick.org <mmiller at hick.org> wrote:

While we do plan to release the recon module system publicly, we have
not yet decided if we are willing to release the correlation engine
publicly due to there being a large potential for abuse.  Instead, we
might consider releasing such a feature on a request-only basis (which
we would either approve or not).  Again though, nothing firm yet, but
that's just kind of my personal stance on this.  We are still discussing
it internally.

I'd like to throw in my two bits on this.  I suggest that the
correlation engine be released under the same license as the rest of
the Metasploit framework.  My fear is that restricting release of the
correlation engine will discourage people from extending the
framework.  It's easy to think of lots of good modules (like
scanrand/nmap host and port scanning, p0f/nmap fingerprinting) that
would be easy to write under the new architecture.

I'm afraid that keeping it closed will not prevent the "bad guys" from
getting it.  They have no problem with running commercial pen-test
tools from warez sites.

How about requiring root perms for MSF to run (maybe by using raw
sockets or binding to a low port number for the correlation engine)?
On the extreme side what about requiring a CA-signed cert for
interprocess communication?  A true hacker could write around this in
the source, but it might cut out some of the script-kiddies.

- Chris
