Developers have released a major update to the Metasploit security testing tool designed to run more smoothly on the Windows operating system.
Metasploit 3.0, released early Tuesday morning, has been rewritten in the Ruby programming language to make the software faster and less buggy for Windows users, who make up the great majority of the software's users according to Metasploit developer HD Moore.
"Ninety-eight percent of our entire user base runs on Windows and they were really poorly supported," Moore said. By rewriting the program, developers expect to attract new users who had previously been frustrated by the effort required to run Metasploit on Windows. "We're guessing that we'll probably get 20 to 30 percent more users just from our improved Windows support," he said.
Metasploit has been installed on more than 100,000 computers to date, Moore said. Within 12 hours of the 3.0 release, the new code had been downloaded by about 7,500 systems, despite a denial of service attack on the Metasploit.com Web site.
The new version of the hacking tool includes a jazzed up Web interface and much more modest resource requirements on Windows PCs. Metasploit 2.7, which was written in the Perl language, uses between 128M bytes and 256M bytes of memory. With version 3.0 that requirement has dropped to 32M bytes, Moore said.
With the rewrite, Metasploit now uses a modular architecture that will make it easy for developers to integrate new exploit code and testing tools into the software.
Previously the framework was focused on developing exploits, but with the 3.0 changes, the software can now be used to do new things like test networks for flaws and merge new hacking tools within the Metasploit framework, Moore said. "We're kind of the security tool amoeba at this point, where anytime anyone has an interesting security tool, we can go, 'Great, absorb.'"
Metasploit developers have also tightened up the licensing terms for their software, which had previously been offered under both the GNU General Public License and the Artistic license, used by Perl.
Under the new Metasploit Framework License used by version 3.0, companies will no longer be able to sell the core Metasploit software, a practice that had been on the rise, according to Moore.
"We didn't want other companies reselling and repackaging it," he said. "We figured that people would be good community Samaritans and would contribute back to us ... but that wasn't happening."
Companies will be able to sell their own Metasploit modules, however, Moore said.