The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.
The framework is written in the Ruby programming language and includes components written in C and assembler.
Metasploit 3.3.3 release notes:
- All exploits now contain a ranking that indicates how dangerous the default settings are to the target host.
- The search command now takes a -r option to specify a minimum ranking of modules to return.
- The db_autopwn and nexpose_scan commands now take a -R option to specify a minimum ranking of modules to run.
- The InitialAutoRunScript option has been added to Meterpreter, providing a way for exploits to specify required post-exploit tasks (migrate out of a dying process).
- jRuby 1.4.0 can be used to run some parts of the framework, however it is not supported or recommended at this time.
- The sessions command can now run a single command (-c) or a script (-s) on all open sessions at once.
- The Win32 EXE template is now smaller (37k from 88k).