n3td3v schrieb: > there should be a central license that people apply for to use > software like metasploit. >
Well. There's. It's called competence. Clueless people don't use Metasploit. Normally it doesn't lower the bar very much. Think of Core or Canvas. You can get this too, nevertheless it's expensive. Who's going to prevent Warez? - Right, no one. So if you're talking about a theoretical concept, you should face the reality: there's no software you can't get for free. And if there's, nothing prevents you from writing your own exploits. Just grab some source, and search through it. You'd be surprised how much crap you'll find. > only letting the good guys use the software for good > purposes. First build a devel, let it run, and sell the holy water. That's how it works. Without any evil approaches, we wouldn't work. Today's process of hardening needs something, which speeds it up by fear. And that's exactly what Metasploit does. It pwns incompetent management, driven by the idea to develop feature rich blaotware in no time - without caring for design, structure and security of the customers. I guess nobody who's having the good old skills needs an exploit framework. So - what's the software you're going to certify by n3rd3v license? Shellcode with 0s? :) Or some wrapper scripts? By the way: security is a market. Nothing prevents you from selling exploits at wabisabi or so. Nevertheless I wouldn't chose eBay. :) -- --__----____----- wishinet.blogspot.com just wishi - does Netninpo __--___-----_____ - http://www.gnu.org/philosophy/no-word-attachments.html - PGP ID: 0xCCCA5E74 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/