Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Rapid7 Introduces Metasploit Pro Penetration Testing Tool

Rapid7, a Boston, Massachusetts based provider of vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro, its new software targeted to security professionals in enterprises, government agencies and consulting firms who need to test the security of networks.Metasploit Pro

Rapid7, a Boston, Massachusetts based provider of vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro, its new software targeted to security professionals in enterprises, government agencies and consulting firms who need to test the security of networks.Metasploit Pro

Metasploit Pro, priced at $15,000 per user annually, provides unrestricted remote network access and enables teams to collaborate on network penetration testing projects. Metasploit Pro offers additional functionality over Metasploit Express, its lower end solution priced at $3,000 per user annually, with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.

“Metasploit Pro completes our suite of penetration testing products and addresses the needs of the penetration testing expert who requires advanced features,” said Mike Tuchen, Rapid7 president and CEO.

The Metasploit Framework is a widely used solution, and according to Rapid7, users have downloaded Metaspolit over one million times in the past year. The company also claims Metaspolit has the world’s largest, public database for quality assured exploits.

To efficiently ensure the highest possible security of their IT infrastructure, enterprises need to prioritize the mitigation of vulnerabilities. Metasploit is the world’s only penetration testing solution that directly launches NeXpose vulnerability scans to verify vulnerabilities. Based on this enterprise risk scoring, organizations can make informed decisions about which vulnerabilities should be addressed first.

“With Metasploit Pro, my team can maximize the efficiency of our penetration tests while minimizing the number of tools we require. Metasploit Pro combines the power of the Metasploit Framework with a simple-to-use interface that allows us to hit the ground running,” said Joshua Brashars, senior security consultant at AppSec Consulting, an information security firm and a Rapid7 consulting partner.

Features of Metasploit Pro:

• Scans and exploits Web applications. Metasploit Pro enables users to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.

• Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.

Advertisement. Scroll to continue reading.

• Achieves unprecedented network access. Metasploit Pro can achieve unrestricted remote network access through a compromised host. Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.

• Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.

“With Metasploit Pro, we’ve delivered a solution for penetration testers who love the workflow of Metasploit Express but needed to go even further with their security assessments,” said HD Moore, Rapid7 CSO and Metasploit chief architect.

Available immediately, Metasploit Pro is priced at $15,000 annually per user.

Related Reading: Silly Kiddie, Exploits are for Free!

< Be Informed. Subscribe to the SecurityWeek Email Briefing Here >

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.