"While Metasploit could potentially be used as a
malicious tool, its intent is all about verifying security and
keeping vendors honest, according to project leader H D Moore.
"Metasploit is a great way to enforce the 'trust by verify'
method of IT security management," Moore told InternetNews.com.
"Often folks will install a patch, but forget to reboot the server
or otherwise activate the fix. This can lead to machines showing as
'patched' in the sense that registry checks will return the correct
information, but still being exploitable using a product like the

Metasploit is an open source testing framework first developed
by Moore in 2003. One of its hallmarks since at least the 3.0
release is its ability to evade detection by antivirus and
intrusion-prevention systems. Again the focus for Moore isn't about
being malicious, but about making sure that security systems