11 security audit essentials
In addition to reconnaissance tools and port scanners, exploitation tools are the next category of weapons in the IT security audit tools arsenal. The most popular exploit development framework is Metasploit, from Rapid 7. Initially launched as a game, it has evolved into one of the most powerful exploit development frameworks. Metasploit enables custom exploits, using a procedure known as porting of exploits. The tool can also be used for generating offsets, writing exploits and penetrating a range of targets, including systems based on Windows, Linux and Solaris, among others. Metasploit has various modules and exploits under each framework. The GUI version of this IT security audit, known as Armitage, is useful to acquaint beginners with all the features. Backdooring executables can be launched via a module called msfpayload. This can be used in social engineering and for increasing employee awareness of security policies and standards.
You can download this tool here.