Rapid7 LLC, a provider of security risk intelligence solutions, launched Tuesday its Metasploit Pro 4.0, a penetration testing offering that enables defenders to respond to the changing threat landscape by identifying and understanding security holes in their enterprise infrastructure. This new version is designed to better meet enterprise needs by offering integrations with other elements of security risk intelligence ecosystems, a range of deployment models and a number of features for automated penetration testing. By reducing the cost and complexity of security testing, Metasploit Pro 4.0 enables enterprises to conduct broader and more frequent security audits to prevent data breaches.
“Organizations looking to reduce data breach risks need smarter and more efficient security risk intelligence. One way to get this is through frequent, broad-scale penetration testing,” said HD Moore, Rapid7’s chief security officer and Metasploit chief architect. “The new features of Metasploit Pro 4.0 make this a practical reality for defenders by automating penetration testing workflow steps, better integrating with vulnerability management solutions and introducing new interfaces for SIEM systems.”
Metasploit Pro 4.0 provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface. This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful.
Rapid7’s vulnerability management solution, NeXpose offers better integration with Metasploit Pro through documented, supported APIs that enable Metasploit Pro users to schedule new vulnerability scans and leverage data from decentralized locations running NeXpose scans.
“Metasploit Pro is the tool of choice for our penetration testing team and something that has helped mature our information security program. We leverage Metasploit Pro heavily in order to be precise and strategic in what we go after, which has given us invaluable visibility into our tangible risk exposures,” said Dave Kennedy, chief information security officer of Diebold, a Rapid7 Metasploit Pro and NeXpose customer. “There are so many aspects that we love about Metasploit Pro, from the knowledge-sharing collaboration capabilities to the ability to reproduce vulnerabilities and exposures. We’re really looking forward to seeing even greater collaboration and automation features in the new version, as well as the increased capabilities and performance of Meterpreter.”
The new version also offers support for both public and private cloud deployments. Defenders leveraging the public cloud can now easily conduct external penetration tests from Metasploit Pro in the Amazon Elastic Compute Cloud (Amazon EC2). Metasploit Pro is available as an Amazon Machine Image (AMI) making external penetration tests from the cloud quick, easy and inexpensive. Organizations using virtualization technologies such as VMware vSphere to underpin a private cloud deployment can penetrate test remote sites.
The new capabilities in Metasploit Pro 4.0 now enable defenders to integrate security risk intelligence. The Metasploit Pro allows users to combine security information and event management (SIEM) system to improve dashboard information, import scan results from more than a dozen third-party Web application scanners and vulnerability assessment tools to prioritize vulnerabilities and eliminate false positives, increase productivity in the security team by integrating Metasploit Pro with NeXpose vulnerability management solutions to directly access vulnerabilities that need to be verified, automate verification of vulnerabilities and reporting through new programming interface and XML results, and document compliance with FISMA reports that map findings to controls and requirements.
The Metasploit Pro 4.0 can be installed on Windows, Ubuntu, or Red Hat Enterprise Linux, provision a VMware image to data centers with VMware vSphere, and host an AMI in Amazon EC2. It also helps to automatically gather evidence with customizable post-exploitation macros, re-establish dropped shells with persistent sessions and listeners, replay previously successful attacks to verify remediation, crack encrypted passwords offline, remotely control Metasploit Pro through a programming Interface (RPC API), and pull penetration testing reports from Metasploit Pro in an XML format.
Metasploit Pro 4.0 is based on the Metasploit Framework, the most widely used and mature penetration testing solution in the market with more than one million unique downloads and the world’s largest, public collection of quality-assured exploits. The Metasploit Framework is continuously updated and version 4.0 marks the inclusion of 36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules, all added since the release of version 3.7.1 in May this year. These additions include nine new SCADA exploits, improved 64-bit Linux payloads, exploits for Firefox and Internet Explorer, full-HTTPS and HTTP Meterpreter stagers, and post-exploitation modules for dumping passwords from Outlook, WSFTP, CoreFTP, SmartFTP, TotalCommander, BitCoin and many other applications. For more information on the ongoing development of the Metasploit Framework, please visit the Metasploit blog.
In addition to Metasploit Pro, Rapid7 also offers Metasploit Express as an entry-level option for vulnerability verification and penetration testing. With a reduced feature set from Metasploit Pro, Metasploit Express is optimized for security professionals who need an accessible and affordable penetration testing solution to verify the findings of their vulnerability scanners without extensive training.
Metasploit Pro 4.0 is available from August this year.