A first look at Metasploit

Published on 2011-07-14 by John Collins.

Metasploit is the leading open-source penetration testing framework in use today. It was originally written in Perl by HD Moore in 2003, but has since been ported to Ruby and now stands as one of the biggest Ruby-based systems around.

The framework is available for download from the project's homepage:

Metasploit Project

To give you a flavour of what Metasploit can do, here is an example video in which the attacker (using a Mac) uses a known exploit for Adobe Reader under Windows XP to install a keylogger and screen capture spyware on the victim's machine, all carried out remotely:

The tutorial detailing the steps carried out in the above video can be found here:

The Metasploit Framework: An Introduction to Meterpreter

If you wish to learn more, there is an excellent and very detailed guide to the Metasploit framework available online for free here:

Metasploit Unleashed

Finally, here is a recent interview with the creator of Metasploit, HD Moore:

HD Moore Reveals His Process for Security Research