Results 1 to 7 of 7

Thread: An alternative idea for metasploit exploitation

  1. #1
    Join Date

    An alternative idea for metasploit exploitation

    If many do not know , Metasploit community does not had anymore updates since last year , however , if you buy the pro version then you will be able to download the updates from metasploit website only and not from Kali repository .
    I was surfing around the web , and i went to packetstorm security website , packetstorm team releases every month a batch of brand new exploits .
    Someone with will and knowledge in python and perl programming could develop a similar tool based on metasploit but using packetstorm monthly exploit batches and then kali team could add it to kali repository .
    An automated tool would be very interesting because they release more than 3000 exploits every year .
    You can run the exploits individually if you download the tar and run the scripts 1 by 1 depending on what you need , but a cataloged tool would be a work of art .

    If anyone wants to give a look then check here for their batch of exploits .:

    Since metasploit is no more updated automatically , the only solution is to grab script by script and place it under exploits on metasploit folder , and then rebuild the database .

  2. #2
    Join Date
    What do you mean? Metasploit is updated almost every week in Kali linux, and Metasploit Community updates every-other week.

  3. #3
    Join Date
    Kali forums
    I agree with busterb, recently ran apt-get update && apt-get dist-upgrade, and the Metasploit Framework was updated.

  4. #4
    Join Date
    busterb +1

  5. #5
    Join Date
    You guys realize that metasploit is nothing compared to the exploit repository of packetstorm right ?
    You guys also realize that community metasploit is very limited in the exploits , and the good stuff is in metasploit pro where you have to buy a key that is an huge amount of money annually or monthly ?
    You guys also realize that you are only able to hack something with metasploit if the network admin of that server did not made an "apt-get upgrade" for at least 2 months ?
    I really hope also that you guys realize that you have more chance in hacking a server by discovering an sql injection point in the website and then get a shell after that point than discovering a service with metasploit running on a website with a vulnerability .
    Dos or ddos are out of question because that is not exploitation , and even to do a proper dos many considerations must be taken regarding to the firewall response on the other side regarding to that specific attack .

    Just to let you all metasploit fans , Metasploit is good , but is not that good .
    Last edited by pedropt; 2016-10-18 at 16:55.

  6. #6
    yes, I agree with busterb.

  7. #7
    Join Date
    By the way , i forgot here to mention .
    I was able to configure the latest metasploit in kali wheezy without much trouble .
    Many people changed to Jessie release (systemd) just because of metasploit updates , and they did not realize that was possible to get metasploit running on wheezy also .
    However , it gave me a little time to put everything working without messing things between metasploit 3 originally in kali wheezy .

    To update metasploit i created a script to update metasploit directly from git witch i can do daily and get new updates before they be on the main repository .

Similar Threads

  1. NFS exploitation with Metasploit
    By fariset in forum How-To Archive
    Replies: 0
    Last Post: 2020-07-30, 05:39
  2. Replies: 3
    Last Post: 2015-10-31, 05:34
  3. Cool Python Post Exploitation Script - Cognizant
    By skytrash in forum General Archive
    Replies: 2
    Last Post: 2014-06-20, 00:42

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts