未加星标

Metasploit eyeing Linux and usability improvements; iOS support uncertain

字体大小 | |
[系统(linux) 所属分类 系统(linux) | 发布者 店小二03 | 时间 2016 | 作者 红领巾 ] 0人收藏点击收藏

Metasploit eyeing Linux and usability improvements; iOS support uncertain

Image: iStock/weerapatkiatdumrong

Engineers at Rapid7 , which owns the popular Metasploit penetration testing tool , are preparing a variety of enhancements for the ramp-up to version 5.0 in 2017.

Metasploit evolved in 2003, Rapid7 acquired it from the original developers in 2009, and fourth-generation software debuted in 2011. Metasploit Pro is currently in version 4.2 and costs several thousand dollars for a license; Metasploit Framework currently in version 4.12.33 is open source, officials explained.

SEE: Penetration Testing and Scanning Policy (Tech Pro Research)

Leo Varela, director of engineering, said his team is developing capabilities such as a single-pane interface, ways to convert Android vulnerabilities into corporate network access, a new focus on automated testing of network security controls, and a code base that's slimmer and faster.

Metasploit is traditionally windows-centric. However, for Apple iOS testing, Boston-based Rapid7 is in the same boat as everyone else in the security and forensics fields―it's very difficult to do. Varela said he's open to adding iOS modules if the community of open-source Metasploit Framework users can help. Apple's mobile operating system is a custom version based on a derivative of Unix, and in recent and upcoming changes, "We are adding the capabilities to be able to interact with linux and with Unix," Varela noted.

"It's up to the open-source developers to add content to it. We believe these [other] investments are much more valuable to the penetration testing community at large while we allow the open-source community to come up with iOS modules," Varela added.

Joshua Marpet, of security and forensic consulting firm GuardedRisk , said Rapid7's ease-of-use plans sound helpful for lower-level employees, but security professionals are happy using the command line and would rather see Rapid7 put its resources into new modules.

Marpet gave an example of the recent distributed denial-of-service against prominent security blogger Brian Krebs . By going through network-connected street cameras, the attackers made whole new approaches, he said. That differs from the antivirus world where new viruses are typically just different payloads wrapped in existing techniques, he observed. Rapid7 needs to keep up with this, he urged.

Marpet, in Wilmington, Del., said another tool he likes is Strategic Cyber's Cobalt Strike because of its automation features. Washington D.C.-based developer Raphael Mudge made Cobalt Strike atop Metasploit Framework but later changed its foundation to a different system. Mudge, asked about his product's roadmap, said he has new releases every few months but declined to comment because of frequently changing priorities.

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

主题: iOSLinuxAppleAndroidWindowsApple iOS
分页:12
转载请注明
本文标题:Metasploit eyeing Linux and usability improvements; iOS support uncertain
本站链接:http://www.codesec.net/view/483191.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(28)