Extending Metaploit 3.0 to Vulnerability Scanning

[andre.ludwig at gmail.com (Andre Ludwig)]

I think a proper correlation engine with the addition of a proper
reporting module would make metasploit one helluva tool (like it
allready wasnt?).  Lets just say it would be a helluva value add...

Just my two cents, would be damn nice to be able to utilize a
reporting module that fed off the information gathered from the recon
modules to produce an overall risk rating for a client.

just a thought, and as some of you may know there is about eleventeen
bajjilion ways to skin the risk rating cat.

Dre

On 10/7/05, Chris Green <cmgreen at uab.edu> wrote:
> On 10/7/05 10:26 AM, "mmiller at hick.org" <mmiller at hick.org> wrote:
> > While we do plan to release the recon module system publicly, we have
> > not yet decided if we are willing to release the correlation engine
> > publicly due to there being a large potential for abuse.
>
> My $.02, releasing an exploit with no patch (Veritas) on a Friday afternoon
> causes a lot more damage than having the correlation engine develop an open
> community around it.
>
> I'm sure all the other arguments you are having internally.
> --
> Chris Green
> UAB Data Security, 5-0842