“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“
This is the official change log:
Statistics:
- Metasploit now ships with 698 exploit modules, 358 auxiliary modules, and 54 post modules.
- 11 new exploits, 1 new auxiliary module, and 15 new post modules have been added since the last release.
New Exploit Modules since 3.7.1:
- MS11-050 IE mshtml!CObjectElement Use After Free
- AWStats Totals =< v1.14 multisort Remote Command Execution
- IBM Tivoli Endpoint Manager POST Query Buffer Overflow
- Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
- Magix Musik Maker 16 .mmm Stack Buffer Overflow
- VisiWave VWR File Parsing Vulnerability
- GoldenFTP PASS Stack Buffer Overflow
- DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
- 7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow
- 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
- 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
Notable Features & Closed Bugs:
- Cachedump merged (#505, #310)
- Remote Registry commands for Meterpreter (#1894)
- Create a ROP gadget search tool (#4044)
- Update Nmap XML parsers to support Nokogiri parsing (#4578)
- db_import failing with ip360 XML imports (nCircle imports) (#4619)
- packetfu library – HSRP code (#4430)
- PCAPRUB support on Windows XP also in Debian 5.0.8 and Ubuntu 10.10 (#4558 / #4554)
- Egghunter now disables DEP (#4375)
- Sign the java_signed_applet with OpenSSL instead of RJB. (#3440)
- Add 64 bit linux shellcode (#4451)
- Regression in Meterpreter pivoting fixed (#4642)
- New tools Script – module_rank.rb (#4334)
- Enhancements to SMTP User Enumeration Utility (aux/scanner/smtp/smtp_enum) (#4031)
출처 : www.pentestit.com
728x90
댓글