SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: MetaSploit

  1. #1
    SitePoint Evangelist Fergal's Avatar
    Join Date
    Nov 2003
    Location
    Ireland
    Posts
    500
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    MetaSploit

    I'm considering downloading and learning how to use MetaSploit to identify security vulnerabilities in my own websites. Have you experience of using this application? Would you recommend it for this purpose?

    If you believe MetaSploit is not the best tool for this job, is there anything else you would recommend?

    Thanks!
    Fergal Crawley (Previous Username: Proudirish.com)
    Business Advice Forum - Webmaster and Business Forum
    < Get a free link & win $5,000
    Forum Coin New World Currency

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    PI,

    As I've mentioned to you before, if you "attack" your own (hosted) website, you are violating laws enacted around the world. If you want to "play" with these tools, do so ONLY on a virtual machine on your own computer OR you'll end up in jail.

    Tools? Load your Virtual machine with BackTrack (which includes a Linux OS) and attack your own computer (or another virtual machine).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,547
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Proudirish.com View Post
    ..use MetaSploit to identify security vulnerabilities in my own websites.
    The problem with this approach is that it can give you a false sense of security. You should start with best practices in development, maintaining a regime of server and application security updates, and personal account and data security, rather than hoping to catch weakness after the fact. Metasploit can be a useful tool, but shouldn't be mistaken as a total solution to site security.

  4. #4
    SitePoint Evangelist Fergal's Avatar
    Join Date
    Nov 2003
    Location
    Ireland
    Posts
    500
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the helpful replies.

    EastCoast I'm just starting to learn about this area and that's the direction I'm leaning towards, thanks for that.
    Fergal Crawley (Previous Username: Proudirish.com)
    Business Advice Forum - Webmaster and Business Forum
    < Get a free link & win $5,000
    Forum Coin New World Currency


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •