Home page logo

metasploit logo Metasploit mailing list archives

An extra repository for exploits got by mailinglist
From: eresemeth at gmail.com (Rory Garton Smith)
Date: Sun, 4 Feb 2007 20:40:20 +0800

ehh, i trust the framework enough, cause I guess one of the reasons I use it
is to enhance my knowledge of the programming of exploits yourself, and that
if you can't read the actual code of the exploit to see what it does (and
whether its non internally malicious) you're a bit of a script kiddy. So yeh
I guess the only reason you'd have that problem is if that were true. But
still you have a point I suppose

On 2/4/07, Dennis G?nnewig <lex001 at gmx.de> wrote:


concerning about trusting exploits got by external members of the
mailing list, i asked myself if it would possible/desirable to have more
than one repository:

o one for the msf-core-components

o one for the modules (exploits, auxillarys, encoders etc.) written
and/or reviewed by members of th msf-developing team

o one for all unreviewed exploits written by members of the mailing list

I'm convinced of the knowledge and the profession of most of the members
of the mailinglist, so please don't start a flame war. From my point of
view it's more a question of trust:

To trust the members of the core developing team, who invest a lot of
time and "heartblood" to build the framework or to trust others maybe
interested to harm the community around the framework. (Sounds a bit
paranoiac, i'm aware of ;) )

So with a least three repositorys everybody is free to decide which
risk, he/she wants to take by using the framework.

Best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070204/9ceac210/attachment.htm>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]