Joshua Corman wrote a post entitled HD Moore’s Law in which he raises some valid points around the fact that tools like Metasploit make it incredibly easy for anyone with little or no knowledge to be able to test a system for vulnerabilities. Naturally, the purpose of this or other such tools is to aid a security tester in finding these vulnerabilities. However, like any such tool, you cannot dictate if someone will use this for attack or defensive purposes.
The question then becomes whether your security defences have increased at the same rate? (hint the answer is no.) It’s a relatively straightforward process with many tools to choose from that you can simply point and click to your systems and see if they can find some vulnerabilities. If they do, then you’re in a bit of trouble because it means anyone with a computer and internet connection can also find the same vulnerability.
Javvad Malik 