A Brief History of Metasploit
Metasploit was originally developed and conceived by HD Moore while he
was employed by a security firm. When HD realized that he was spending
most of his time validating and sanitizing public exploit code, he began to
create a flexible and maintainable framework for the creation and development
of exploits. He released his first edition of the Perl-based Metasploit
in October 2003 with a total of 11 exploits.
With the help of Spoonm, HD released a total rewrite of the project,
Metasploit 2.0, in April 2004. This version included 19 exploits and over 27
payloads. Shortly after this release, Matt Miller (Skape) joined the Metasploit
development team, and as the project gained popularity, the Metasploit Framework
received heavy backing from the information security community and
quickly became a necessary tool for penetration testing and exploitation.
Following a complete rewrite in the Ruby programming language,
the Metasploit team released Metasploit 3.0 in 2007. The migration of the
Framework from Perl to Ruby took 18 months and resulted in over 150,000
lines of new code. With the 3.0 release, Metasploit saw widespread adoption
in the security community and a big increase in user contributions.
In fall 2009, Metasploit was acquired by Rapid7, a leader in the
vulnerability-scanning field, which allowed HD to build a team to focus
solely on the development of the Metasploit Framework. Since the acquisition,
updates have occurred more rapidly than anyone could have imagined.
Rapid7 released two commercial products based on the Metasploit Framework:
Metasploit Express and Metasploit Pro. Metasploit Express is a lighter
version of the Metasploit Framework with a GUI and additional functionality,
including reporting, among other useful features. Metasploit Pro is an expanded
version of Metasploit Express that touts collaboration and group penetration
testing and such features as a one-click virtual private network (VPN) tunnel
and much more.
x
was employed by a security firm. When HD realized that he was spending
most of his time validating and sanitizing public exploit code, he began to
create a flexible and maintainable framework for the creation and development
of exploits. He released his first edition of the Perl-based Metasploit
in October 2003 with a total of 11 exploits.
With the help of Spoonm, HD released a total rewrite of the project,
Metasploit 2.0, in April 2004. This version included 19 exploits and over 27
payloads. Shortly after this release, Matt Miller (Skape) joined the Metasploit
development team, and as the project gained popularity, the Metasploit Framework
received heavy backing from the information security community and
quickly became a necessary tool for penetration testing and exploitation.
Following a complete rewrite in the Ruby programming language,
the Metasploit team released Metasploit 3.0 in 2007. The migration of the
Framework from Perl to Ruby took 18 months and resulted in over 150,000
lines of new code. With the 3.0 release, Metasploit saw widespread adoption
in the security community and a big increase in user contributions.
In fall 2009, Metasploit was acquired by Rapid7, a leader in the
vulnerability-scanning field, which allowed HD to build a team to focus
solely on the development of the Metasploit Framework. Since the acquisition,
updates have occurred more rapidly than anyone could have imagined.
Rapid7 released two commercial products based on the Metasploit Framework:
Metasploit Express and Metasploit Pro. Metasploit Express is a lighter
version of the Metasploit Framework with a GUI and additional functionality,
including reporting, among other useful features. Metasploit Pro is an expanded
version of Metasploit Express that touts collaboration and group penetration
testing and such features as a one-click virtual private network (VPN) tunnel
and much more.
x