Metasploit mailing list archives
Extending Metaploit 3.0 to Vulnerability Scanning
From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 11 Oct 2005 10:23:36 -0500
On Tue, Oct 11, 2005 at 09:37:52AM -0500, Chris Byrd wrote:
I'd like to throw in my two bits on this. I suggest that the correlation engine be released under the same license as the rest of the Metasploit framework. My fear is that restricting release of the correlation engine will discourage people from extending the framework. It's easy to think of lots of good modules (like scanrand/nmap host and port scanning, p0f/nmap fingerprinting) that would be easy to write under the new architecture. I'm afraid that keeping it closed will not prevent the "bad guys" from getting it. They have no problem with running commercial pen-test tools from warez sites. How about requiring root perms for MSF to run (maybe by using raw sockets or binding to a low port number for the correlation engine)? On the extreme side what about requiring a CA-signed cert for interprocess communication? A true hacker could write around this in the source, but it might cut out some of the script-kiddies.
All good points. These are some of the same concerns others have voiced about trying to proceed with some sort of request-only release of the correlation engine. At this point I think we are leaning more toward releasing full support for the correlation and event-driven aspects of the framework. However, we are thinking that we will not release any samples that illustrate how to tie network and host discovery events to the automatic launching of exploits. While support will exist for this type of feature, we may intentionally make it non-obvious so that the level of knowledge required to implement it successfully will be higher than your average dotslashhacker. Granted, it's probably only a matter of time until this information is leaked once again, but there's something to be said about raising the bar (in my opinion). We've not yet come to a conclusion on this yet though, so feedback from the community would be good. Also, I think we will try to release some information about 3.0 publicly, such as proposed API design and new features. More on that later.