Metasploit Hacking Tool To Get Services-Based Model

ancientribe writes "Metasploit hacking tool creator HD Moore told Dark Reading that the open-source hacking tool soon will come with back-end services-based features aimed at offloading resource-intensive penetration testing tasks. This is a departure for the software-oriented Metasploit, and Moore and company just may be on to something: it turns out commercial penetration testing tool vendors are looking at adding services-based versions of their software. Immunity Inc. will do so this year, and Core Security Technologies is considering doing so as well."

Re:Resource intensive?

A few points:

1. If you are scripting with msfcli, you are probably doing it wrong and should be writing plugins or resources scripts for msfconsole.

2. The module count between 2 and 3 has more than doubled.

3. Its only using one core no matter what, so core counts aren't relevant.

I agree that 3.x is still pretty damned slow, but I disagree that its the languages's fault. The basic issue is a lack of "real" module caching, something we will try to tackle for 3.3. Thanks for the feedback!

Re:Production

[Tekfactory]

Its about belief, some folks won't trust the model to simulate the production environment. Even if you make the VM or Ghost image right off of the real hardware, and put it onto another machine of the same model with the same specs, someone in the chain of command or legal will want to know if you tested the real thing.

And if it goes far enough, say after a data breach, leave it to a lawyer in court to ask if you on the stand, if tested the live system or some rigged demo designed to fool the auditors.