Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Metasploit Modules: A Year in Review

A month of so back now I started automating some posts on the new Metasploit modules released. As luck would have it, about the same time, the guys over at Rapid7 started to churn out more regular blog post themselves, giving details of the key modules and changes. Although the posts were interesting to a select few, I never saw them as a long-term thing and as the year ticks over to 2012 it’s time to put them to bed. After all, the people at R7 are bound to have a better overview of Metasploit than I am.

Before it goes though, I took time to output newly added modules between 2011-01-01 and now (2011-12-31)… just to show what’s been accomplished in 2011. I’m sure the fine folks at R7 will be putting out a more detailed review together with pretty charts, and maybe even an Infographic or two. Still, I hope this proves useful for some as we wave goodbye to the automated weekly posts.

Note (09 July 2012): As this post has resurfaced recently amongst discussions of how much Metasploit has changed in that last few years, I wanted to add a link here to the description of HD Moore’s Law (as discussed at the end of 2011 by Josh Corman).

Casual Attacker power grows at the rate of Metasploit*

For a full overview of HDMoore’s law and the though process behind it I would point you to the Cognitive Dissedents blog –> http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/

Note: These are only the modules marked as Additions within the modules / tools or scripts directories. Some modules may be excluded and others may appear if they were Deleted and reAdded at some point in the year. I’ll be posting up something about how the lists were created in a separate post soon.

The following modules have been added to the Metasploit SVN between 2011-01-01 and 2011-12-31


3 responses to “Metasploit Modules: A Year in Review

  1. Tod Beardsley January 3, 2012 at 14:45

    Aw man, you’re packing it in? I liked your updates. Much shorter than mine.

  2. ChrisJohnRiley January 3, 2012 at 14:49

    Yeah sorry… they were a good idea and I had fun playing about with SVN and some scripting to get them automated. The only problem was that they were taking over the blog a bit too much. If I didn’t write anything in a few weeks all there was on the blog was 3 Metasploit Updates posts and nothing else. I’m sure you guys can automate something that serves the same purpose… maybe a nightly list?

    Maybe I’ll do monthly recaps… who knows 😉

  3. Tod Beardsley January 3, 2012 at 16:31

    Well, for the people who actually want up to the minute updates, they can just subscribe to the various RSS feeds from GitHub or Redmine, and post-process from there. For people that want just a list of new/changed modules, your stuff was good. For people that wanted a few words on background, jcran’s release notes did the trick. For some contextual analysis with regard to general framework and module changes, my stuff was there. So that pretty much covers everything. 🙂

%d bloggers like this: