Is Metasploit safe to use?

[carnageX]

Well the service is through a web interface. You have trial which doesn't let you play with the exploits or brute force software, then you have pro which has everything unlocked.

Ah, ok, gotcha. You said you had BT running on your phone too, right? I'm kinda surprised the chip on your phone supports packet injection / monitor mode. Or did you have to search for modified drivers for it?

 

[GLaDOS]

Yes, it's legal to use metasploit. Pretty much everything there has already been patched up in some sort of way, so that users can't just go and download exploits and be script kiddies and try to crack into users' information with premade tools.

Metasploit goes well with BackTrack (a penetration testing distribution of Linux). If you plan on doing anything in security, I'd recommend checking it out; it's quite interesting to see what tools are out there. I've used it on my own network a few times to test out its features, and love it. There's a reason professional penetration testers use it too .

Ok great! I'll look into BackTrack too. Like I said, I basically wanted to use these tools to get an idea of what information security was like and some of the threats that are out there - I just did not want to break any laws by mistake along the way lol. Are there any other tools you could suggest that would be helpful in this regards?

And how does Metasploit work exactly? I still have some reading up to do, but am I connecting this to another computer I own, some remote computer somewhere else, or something I am not even aware of??

 

[PP Mguire]

Ah, ok, gotcha. You said you had BT running on your phone too, right? I'm kinda surprised the chip on your phone supports packet injection / monitor mode. Or did you have to search for modified drivers for it?

Yea I did. I didn't need anything extra for my phone to work. Just VNC, Terminal, and some common computer sense.

Ok great! I'll look into BackTrack too. Like I said, I basically wanted to use these tools to get an idea of what information security was like and some of the threats that are out there - I just did not want to break any laws by mistake along the way lol. Are there any other tools you could suggest that would be helpful in this regards?

And how does Metasploit work exactly? I still have some reading up to do, but am I connecting this to another computer I own, some remote computer somewhere else, or something I am not even aware of??

I would wait until you have a bit more experience under your belt before trying to use Backtrack. It is pretty much all terminal based and command lines.

Metasploit is software you install on to your computer. Their gui runs in the browser similar to that of logging in to your router.

 

[office politics]

prolly best to start by learning how to scan machines for finger prints. you'll want to learn as much as to can about a target before moving to exploit a vulnerbility.

scan with nessus first to understand whats on the box. then, use metasploit to execute a payload onto the target. (aka hacking the box).

metasploit is a tool used to quickly exploit known vulnerbilities onto a box. (usually remote, it can be on local or over wan)

 

[GLaDOS]

prolly best to start by learning how to scan machines for finger prints. you'll want to learn as much as to can about a target before moving to exploit a vulnerbility.

scan with nessus first to understand whats on the box. then, use metasploit to execute a payload onto the target. (aka hacking the box).

metasploit is a tool used to quickly exploit known vulnerbilities onto a box. (usually remote, it can be on local or over wan)

Ok I'll try Nessus out first and go from there as you suggested - thanks!

 

[Sheepykins]

quite alot of IDS vendors use metapsloit as a reference material for signatures, so yeah definatly safe and legal