Hands-on with Metasploit Express

One of the tricky things about penetration testing tools is their ability to be weaponised. Software designed to audit a network for security vulnerabilities can also easily be used to launch a real attack against a network without authorisation. And Metasploit is perhaps the best example of a tool that can be used as either a sword or a ploughshare. Launched in 2003, Metasploit began as a network security game written in Perl, but was then rewritten using the Ruby on Rails framework. It developed into a suite of open source tools that could be used not only for network scanning and vulnerability analysis but also for the development of network exploits.