Results 1 to 7 of 7

Thread: An alternative idea for metasploit exploitation

  1. #1
    Senior Member
    Join Date
    Mar 2014
    Posts
    158

    An alternative idea for metasploit exploitation

    If many do not know , Metasploit community does not had anymore updates since last year , however , if you buy the pro version then you will be able to download the updates from metasploit website only and not from Kali repository .
    I was surfing around the web , and i went to packetstorm security website , packetstorm team releases every month a batch of brand new exploits .
    Someone with will and knowledge in python and perl programming could develop a similar tool based on metasploit but using packetstorm monthly exploit batches and then kali team could add it to kali repository .
    An automated tool would be very interesting because they release more than 3000 exploits every year .
    You can run the exploits individually if you download the tar and run the scripts 1 by 1 depending on what you need , but a cataloged tool would be a work of art .

    If anyone wants to give a look then check here for their batch of exploits .:
    https://packetstormsecurity.com/sear...packet%20storm

    Since metasploit is no more updated automatically , the only solution is to grab script by script and place it under exploits on metasploit folder , and then rebuild the database .
    https://www.exploit-db.com/browse/

  2. #2
    Junior Member
    Join Date
    Sep 2016
    Posts
    1
    What do you mean? Metasploit is updated almost every week in Kali linux, and Metasploit Community updates every-other week.

  3. #3
    Senior Member
    Join Date
    Apr 2013
    Location
    in a computer
    Posts
    600
    I agree with busterb, recently ran apt-get update && apt-get dist-upgrade, and the Metasploit Framework was updated.

  4. #4
    Junior Member
    Join Date
    Oct 2016
    Location
    Algeria
    Posts
    3
    busterb +1

  5. #5
    Senior Member
    Join Date
    Mar 2014
    Posts
    158
    You guys realize that metasploit is nothing compared to the exploit repository of packetstorm right ?
    You guys also realize that community metasploit is very limited in the exploits , and the good stuff is in metasploit pro where you have to buy a key that is an huge amount of money annually or monthly ?
    You guys also realize that you are only able to hack something with metasploit if the network admin of that server did not made an "apt-get upgrade" for at least 2 months ?
    I really hope also that you guys realize that you have more chance in hacking a server by discovering an sql injection point in the website and then get a shell after that point than discovering a service with metasploit running on a website with a vulnerability .
    Dos or ddos are out of question because that is not exploitation , and even to do a proper dos many considerations must be taken regarding to the firewall response on the other side regarding to that specific attack .

    Just to let you all metasploit fans , Metasploit is good , but is not that good .
    Last edited by pedropt; 2016-10-18 at 04:55 PM.

  6. #6
    yes, I agree with busterb.

  7. #7
    Senior Member
    Join Date
    Mar 2014
    Posts
    158
    By the way , i forgot here to mention .
    I was able to configure the latest metasploit in kali wheezy without much trouble .
    Many people changed to Jessie release (systemd) just because of metasploit updates , and they did not realize that was possible to get metasploit running on wheezy also .
    However , it gave me a little time to put everything working without messing things between metasploit 3 originally in kali wheezy .



    To update metasploit i created a script to update metasploit directly from git witch i can do daily and get new updates before they be on the main repository .


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •