Browse Definitions :
Definition

Metasploit Project - Metasploit Framework

The Metasploit Project is an open source project that provides a public resource for researching security vulnerabilities and developing code that allows a network administrator to break into his own network to identify security risks and document which vulnerabilities need to be addressed first.

The Metasploit Project offers penetration (pen) testing software and provides tools for automating the comparison of a program's vulnerability and its repaired (patched) version.  Anti-forensic and advanced evasion tools are also offered, some of them built into the Metasploit Framework.

Metasploit Framework, the Metasploit Project's best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system. It was originally created as a portable network tool in 2003 by HD Moore.

The Metasploit Project also offers Metasploit Express, Metasploit Pro, the Opcode Database (currently out of date) and a shellcode database.  Shellcode is a type of exploit code in which bytecode is inserted to accomplish a particular objective. Common shellcode objectives include adding a rootkit or performing a reverse telnet back to the attacker's machine. Metasploit also offers a payload database, allowing the pen tester to mix and match exploit code and objectives. 

In 2009, the Metasploit Project was acquired by computer security company Rapid7. Metasploit Express and Metasploit Pro are "open core" versions of the Metasploit Framework, with more features added. (Open core is an approach to delivering products that combine open source and proprietary software.) Rapid7 continues to develop Metasploit in collaboration with the open source commmunity.

This was last updated in August 2011

Continue Reading About Metasploit Project - Metasploit Framework

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • spyware

    Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

  • application whitelisting

    Application whitelisting is the practice of specifying an index of approved software applications or executable files that are ...

  • botnet

    A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • DRAM (dynamic random access memory)

    Dynamic random access memory (DRAM) is a type of semiconductor memory that is typically used for the data or program code needed ...

  • RAID 10 (RAID 1+0)

    RAID 10, also known as RAID 1+0, is a RAID configuration that combines disk mirroring and disk striping to protect data.

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

Close