Metasploit Hacking Tool To Get Services-Based Model

ancientribe writes "Metasploit hacking tool creator HD Moore told Dark Reading that the open-source hacking tool soon will come with back-end services-based features aimed at offloading resource-intensive penetration testing tasks. This is a departure for the software-oriented Metasploit, and Moore and company just may be on to something: it turns out commercial penetration testing tool vendors are looking at adding services-based versions of their software. Immunity Inc. will do so this year, and Core Security Technologies is considering doing so as well."

Legal minefield

Do they really expect professional penetration testers to use a third party to attack production networks? Most companies hardly have the guts to even hire a penetration tester. I doubt they'll be thrilled that the list of their vulnerabilities is shared with another company.

"offloading resource-intensive penetration tests"

[timeOday]

In my day we just called them botnets.

Resource intensive?

[Bert64]

Maybe if they hadn't decided to rewrite metasploit in ruby it wouldn't be so resource intensive...
The speed difference between 2.x and 3.x is absolutely insane. Calling the msfcli interface results in 10+ seconds of initialization before it even starts trying to exploit the target, when you have a script calling msfcli multiple times it soon gets tiring... And this is on a fairly modern dual core box. I used to run metasploit 2.x on a much slower single core box and it performed quite well.