Talk:Metasploit Project

From Wikipedia, the free encyclopedia
Jump to: navigation, search
          This article is of interest to the following WikiProjects:
WikiProject Computer Security / Computing  (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Computing (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 
WikiProject Free Software / Software / Computing  (Rated Start-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Free Software, a collaborative effort to improve the coverage of free software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Software.
Taskforce icon
This article is supported by WikiProject Computing.
 


Untitled[edit]

The article title should be Metasploit Framework or Metasploit Project with a re-direct from Metasploit

"and automating the process of exploiting vulnerable software." There is no automation code in the metasploit framework (though technically a wrapper script could be written) automation has not been a priority for MSF.

The utility is also only written in perl (though version 3 will be in ruby), there are external additions which are included which are included in binary format (for dlls or shellcode) or python (for Inline Egg) but they are not an actual part of the Metasploit Framework.--Vargc0 01:37, 9 February 2006 (UTC)

Thanks, I made the changes you suggested. Quarl (talk) 2006-02-09 03:46Z
You might also want to split this article (if you want to dedicate a bit more time) into some of the projects. For example the metasploit project's most well known utility is the Metasploit Framework, but the Opcode Database, online shellcode generation, advisories, and research are also important and should get some coverage. The research they conduct is sometimes very original (i.e. WMF polymorphism) and a lot of the projects are well known and commonly used and should get equal coverage.
"External add-ons allow use of python and binary shellcode." sounds a bit awkward. I would either drop the line as it's mostly extraneous information or I would re-state it to say "The Metasploit Framework can use external add-ons in multiple languages." Technically the shellcode is part of the framework (just in binary format but assembly SOURCES are included).
I would also drop a quick mention that the project and it's work are OSS, great job! --Vargc0 05:07, 9 February 2006 (UTC)
Feel free to be bold and edit as much as you want :) I wouldn't split the article yet until it gets much longer; 20,000 to 30,000 characters is when we should start thinking about splitting - see Wikipedia:Article size. Quarl (talk) 2006-02-09 08:27Z
The reason I haven't myself is I'm associated with the project and would rather keep my own biases out of it. As far as splitting I meant into sections. --Vargc0 14:55, 9 February 2006 (UTC)
Oh, okay, I misread w.r.t. splitting the article (obviously). It is noble of you to resist editing! :) Quarl (talk) 2006-02-09 23:04Z
I've edited. Quarl (talk) 2006-02-09 23:26Z
Decided to be a bit bold and did so as well. I cut out some details that really aren't very important (i.e. it including shellcode, the names of the interfaces), and did a bit of re-wording. I also think that the description of what MSF does in the title is really more appropriate in the section as someone quickly searching for info reading only the section would have no idea what MSF actually does. --Vargc0 23:57, 9 February 2006 (UTC)
Looks good. Quarl (talk) 2006-02-10 00:27Z

Opcode database?[edit]

The Opcode Database provides users with the ability to easily cross reference specific opcode types, classes, and meta classes across one or more modules for one or more operating system versions. The database facilitates determining opcode portability and includes the opcodes themselves as well as information about the segments, imports, and exports that are associated with each module in the database.

I must say that I don't understand what's going on here. What exactly does this database contain? "Opcode types", i.e. "types of instruction codes of machine languages"? Who would find that useful? The term "opcode portability" also baffles me; by definition opcodes are specific to a machine language and are not portable between machines. What are "opcode classes" and "meta classes"? What are the "modules" that are referred to twice? Does the database perhaps contain modules rather than opcodes?

The paragraph reads as if it was written by someone who uses this database every day and for whom its usefulness is completely obvious. For the uninitiated reader, a standard use case would be very helpful. Why would I ever want to look anything up in this database? AxelBoldt 17:55, 20 February 2006 (UTC)

Ok, I rewrote most of it, since it wasn't clear to me and, in any event, was a copyright violation. AxelBoldt 23:56, 26 February 2006 (UTC)
Thanks. Quarl (talk) 2006-02-27 03:50Z
Many of these edits do not reflect important parts of the Metasploit Project. The steps to run an exploit using the framework are unimportant in an encyclopedic article. That entire part needs to be written as text from the header needs to be moved into the Framework section as if you just start reading it makes no sense what so ever what the framework is or does. Listing the interfaces is also not interesting, the usage details are not very important in an encyclopedia article. That section should discuss what it does (exploit systems, utilize payloads, cool features like VNC and meterpreter.)
Indeed, the Metasploit framework facilitates the latter task considerably. This seems to be rather POV (the reason being that the entire full-disclosure vs. non-disclosure vs. responsible disclosure argument is about this issue alone and has been going on for a long time now.)
This article needs considerable re-organization, capitalization fixes, and re-writing unless you have any objections to these comments I plan to do so. --Vargc0 01:23, 28 February 2006 (UTC)

Open Source? Who says?[edit]

This software's license: http://metasploit.com/svn/framework3/trunk/documentation/LICENSE doesn't seem to be really Open Source, let alone Free Software (in an FSF sense). Do we have any links to license examination reports from anyone not associated with this project? I've tried to find some, but haven't come up with much.

If no relevant sources can be found, I'm going to remove the references to this being Open Source in 3 days.

--NightMonkey 23:11, 31 March 2007 (UTC) It is currently under a BSD 3 clause license IRWolfie- (talk) 22:18, 1 July 2010 (UTC)

Here is a source for the BSD license: http://www.metasploit.com/redmine/projects/framework/repository/entry/README Ricky (talk) 18:11, 12 November 2010 (UTC)


NPOV[edit]

There is no "Controversy" section in the article, even though itis well-warranted!

The guys who develop Metasploit and the Defiler's Toolkit, etc. are not researchers, but anarchists and the net would be better if they were saccoed and vanzettied. Maybe in 40 years they would be rehabilitated, but we need to do something to help uphold law and order in the net NOW and they are a barrier, who are also abetting criminals.

Several pages worth of article: food for thought on the topic of Metasploit driven anti-forensics making crooks very happy: http://www.cio.com/article/print/114550

Controversy sections are generally considered to be a bad thing nowadays. Controversies and other issues should be worked into the article as a whole, not forced into a dedicated section. And you need better sources; the one you linked doesn't say what you claim. It describes how Liu is trying to prove that anti-forensics make much existing thought about digital forensics invalid. But his point is that the exploits already exist -- he's not the one creating them, and criminals would still be able to use them even without his work. If a criminal used such an exploit to frame you for a cybercrime, you would be glad that Liu has highlighted you and let you cite those vulnerabilities in your defense. --Aquillion (talk) 16:53, 22 October 2009 (UTC)

Rapid7 - Metasploit takeover[edit]

See this news article, or the Metasploit blog —Preceding unsigned comment added by 80.42.58.103 (talk) 17:48, 21 October 2009 (UTC)