PDA

View Full Version : [ubuntu] What is Metasploit exactly?



stamatiou
July 18th, 2011, 10:26 PM
Hey guys,
I would like to ask a question about metasploit framework.
Is it something lime programming?
Is it a database of exploits?
Do I need to know Ruby to use it?

Dangertux
July 18th, 2011, 10:29 PM
Metasploit is an exploitation framework written in Ruby. It is designed for penetration testers and security researchers. You do not have to know Ruby, however it is greatly helpful particularly if you want to create your own modules.

stamatiou
July 18th, 2011, 10:34 PM
Metasploit is an exploitation framework written in Ruby. It is designed for penetration testers and security researchers. You do not have to know Ruby, however it is greatly helpful particularly if you want to create your own modules.
So the users are not "script kiddies" or something?

Dangertux
July 18th, 2011, 11:17 PM
So the users are not "script kiddies" or something?

I'm not sure that using Metasploit or not using Metasploit qualifies one as a script kiddie or otherwise. If anything it depends on the purpose for why they are using Metasploit. Like anything Metasploit is a tool, your intentions and how you use it dictate the script kiddie factor.

bodhi.zazen
July 19th, 2011, 05:08 AM
So the users are not "script kiddies" or something?

"script kiddies" is a derogatory term used for crackers. The implication is that they have enough knowledge to run a script, and automated "attack" but not enough knowledge to be a "real threat" so as to leverage any vulnerability they identify.

I see the term most often applied to port scans or scripts that automate ssh (or other) logins - common users (root, staff, etc) and common passwords.

stamatiou
July 19th, 2011, 10:54 AM
So it is something like a programming language?

stlsaint
July 22nd, 2011, 04:51 AM
So it is something like a programming language?

I guess you completely missed the first reply.

Metaploit (http://www.metasploit.com/) - A penetration testing framework!

1. No it is not a programming language
2. No not only script kiddies or crackers use it
3. No you do not have to know a the acutal language that it was made in to use it.

stamatiou
July 22nd, 2011, 09:02 AM
I guess you completely missed the first reply.

Metaploit (http://www.metasploit.com/) - A penetration testing framework!

1. No it is not a programming language
2. No not only script kiddies or crackers use it
3. No you do not have to know a the acutal language that it was made in to use it.
I am asking beacause the only framework I know iis Django and in order to use it you must learn it. Also, what is a module?

stlsaint
July 23rd, 2011, 02:12 AM
I am asking beacause the only framework I know iis Django and in order to use it you must learn it. Also, what is a module?

The best way to learn is to dive in and get your hands dirty. There is way too much in metasploit to try and explain every aspect here in this thread. Head over and install metasploit or grab a copy of backtrack and have at it! Trust me you will gain WAY more knowledge by doing it yourself instead of being spoon feed here.

Dangertux
July 23rd, 2011, 02:40 AM
I would definitely agree with the above post.

Also a module is an add-on for metasploit written in ruby adding functionality to metasploit. This could be an exploit , fuzzer ,denial of service module, encoder, payload or anything else you wish to add in and have the functionality of within the framework. Even something simple like a banner grabber.