The Metasploit Framework is an advanced open-source exploit development and testing environment. Version 2.1 fixes many issues that users have reported since the release of 2.0 and adds several new features. The bug fixes alone are more than worth the time to upgrade. If you currently use the Framework under Windows, we strongly urge that you update to the 2.1 release; quite a few features and payloads simply don't work right with version 2.0 and Cygwin. This release includes 21 exploits and 27 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. The Framework will run on any modern system that has a working Perl interpreter, the Windows installer includes a slimmed-down version of the Cygwin environment. We have tested the Framework on Linux, BSD, Mac OS X, Solaris, AIX, and Windows (NT, 2000, XP, 2003). Some highlights in this release: - Many Cygwin induced bugs fixed - Improved msfconsole tab completion - Fixed problems with logging functionality - Improvements on msfpescan to scan memory dumps from memdump.exe - socketNinja tool for doing all sorts of connection foo This release is available from the Metasploit.com web site: - http://metasploit.com/projects/Framework/ Direct download links are provided below. Unix-like operating systems: - http://metasploit.com/tools/framework-2.1.tar.gz Windows-based operating systems: - http://metasploit.com/tools/framework-2.1.exe You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe [at] metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users. This is also where we send out updates and new modules. This mailing list is low traffic and archived online at: - http://metasploit.com/archive/framework/threads.html The Framework was written by spoonm and H D Moore, if you would like to contact us directly, please email us at msfdev [at] metasploit.com. Don't be shy, your feedback is very important. Drop us a line even if it is just tell us that you use it! We would like to thank everyone contributing to the metasploit project, with special thanks to skape, optyx, and the anonymous user who made the first donation to the metabeverage fund :) This release added the following new exploit modules: - windows_ssl_pct - svnserve_date - samba_nttrans ... and some nice improvements to many existing modules. Check out the new "exploits" section at the Framework project page; you can now download the latest versions of the exploit modules directly from the web site. All new exploits developed before the final 2.2 release will be made available via this page. Once we get some free time, we plan on adding exploitation and usage notes to this page. A new module has already been uploaded for the Squid NTLM buffer overflow bug... Enjoy! - spoonm and HD
