The blackhat community has been using client-side exploits for several years now. Multiple commercial suites exist for turning webservers into malware distribution centers. Unfortunately for the pentester, acquiring these tools requires sending money to countries with no extradition treaties, taking deployed packs from compromised webservers, or other acts of questionable legality. To ease this burden the Metasploit Project will present an extensible browser exploitation platform integrated into the metasploit framework.