Metasploit Hits 1000 Exploits
http://kingofdkingz99.blogspot.com/2012/12/metasploit-hits-1000-exploits.html
Along with today's 4.5 release, Metasploit hit a thousand exploits.
So, what does that mean? Well, let's take a look, historically.
When Metasploit 1.0 was released on October 6, 2003, it boasted all of 11 exploits, according to this mailing list post.
Now, this is 9 years ago, so an announcement on a mailing list of more
than one exploit was pretty novel, and "a ton of new ones" were "on the
way."
About six months later, Metasploit 2.0 was released. This April 7, 2004 edition of Metasploit had 18 exploits,
a 63% jump. Not bad for 2004 -- that was practically one new exploit a
month from one project! These guys were clearly Serious Business.
Over
the next three years, Metasploit attracts the attention of basically
everyone in the security research community, HD begins and ends the Month of Browser Bugs,
and incidentally the Framework gets completely rewritten in Ruby (up
until now, the Metasploit Framework had been written in Perl). Upon
Metasploit 3.0's release on March 27, 2007, the project commands 177 exploits.
That's 159 new exploits over about 36 months, right around 4.4 exploits
per month, so let's just round it out and figure this period saw about
one new exploit per week. Things are picking up steam.
On
August 1, 2011, Metasploit 4.0 was released. In the interim, the
Metasploit Framework got picked up by Rapid7 (thanks guys!), so people
started getting paid, full-time, to write and help others write
exploits. We have a couple products come up in this time -- Metasploit
Community and Metasploit Pro, so we have a whole new slew of users. This
release sees 716 exploits, at least according to commit 65a3c0.
Since 3.0, 716 exploits means 557 new exploits. The lag from 3.0 is
four years and four months -- 1588 days, to be precise, right about 227
weeks. (557 / 227) is right about 2.4 exploits per week over this scale,
or twice as many as the jump from 2.0 to 3.0.
That
brings us to today -- December 7, 2012. Using the 1000 exploits figure
as of Metasploit 4.5, it took us 70.5 weeks to pick up those 284 new
exploits. That's an average of four new exploits a week since 4.0's
release. I guess we don't work on Fridays.
Incidentally, we have 562 auxiliary modules and 164 post modules as of
this moment, too, and those are no small feat, either, and there's lots
of interesting and important work being done there, too.
The growth of Metasploit Framework and the Metasploit products over the years have been amazing and humbling. Anyone can see that we don't write all or even half of these exploits -- they come from researchers, hobbyists, and hackers from around the world, and all of you had the thought to share your knowledge, skill, and expertise with us. Thank you for that. Thanks also to Rapid7 for recognizing the power and positivity of the open source security movement
So, what does that mean? Well, let's take a look, historically.
The growth of Metasploit Framework and the Metasploit products over the years have been amazing and humbling. Anyone can see that we don't write all or even half of these exploits -- they come from researchers, hobbyists, and hackers from around the world, and all of you had the thought to share your knowledge, skill, and expertise with us. Thank you for that. Thanks also to Rapid7 for recognizing the power and positivity of the open source security movement