Well I had a chance to download and have a quick test of the metasploit framework which I talked about earlier.
It definately does what it says on the tin! I downloaded it, ran the web server version (one command), fired up a known vulnerable Virtual machine, and very soon had a remote administrator exploit against IIS5 launched.
I think it could be very useful in the securtiy industry from the point of view of convincing companies that level of technical knowledge required to hack into their systems is not high.... This is needed as a common reason given by management in companies for not doing things like patch management of internal servers is that "well no-one would know how to do that" with the thought that hacking a server requires a high level of technical expertise...
