Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Rapid7 Introduces Metasploit Pro Penetration Testing Tool

Rapid7, a Boston, Massachusetts based provider of vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro, its new software targeted to security professionals in enterprises, government agencies and consulting firms who need to test the security of networks.Metasploit Pro

Rapid7, a Boston, Massachusetts based provider of vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro, its new software targeted to security professionals in enterprises, government agencies and consulting firms who need to test the security of networks.Metasploit Pro

Metasploit Pro, priced at $15,000 per user annually, provides unrestricted remote network access and enables teams to collaborate on network penetration testing projects. Metasploit Pro offers additional functionality over Metasploit Express, its lower end solution priced at $3,000 per user annually, with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.

“Metasploit Pro completes our suite of penetration testing products and addresses the needs of the penetration testing expert who requires advanced features,” said Mike Tuchen, Rapid7 president and CEO.

The Metasploit Framework is a widely used solution, and according to Rapid7, users have downloaded Metaspolit over one million times in the past year. The company also claims Metaspolit has the world’s largest, public database for quality assured exploits.

To efficiently ensure the highest possible security of their IT infrastructure, enterprises need to prioritize the mitigation of vulnerabilities. Metasploit is the world’s only penetration testing solution that directly launches NeXpose vulnerability scans to verify vulnerabilities. Based on this enterprise risk scoring, organizations can make informed decisions about which vulnerabilities should be addressed first.

“With Metasploit Pro, my team can maximize the efficiency of our penetration tests while minimizing the number of tools we require. Metasploit Pro combines the power of the Metasploit Framework with a simple-to-use interface that allows us to hit the ground running,” said Joshua Brashars, senior security consultant at AppSec Consulting, an information security firm and a Rapid7 consulting partner.

Features of Metasploit Pro:

• Scans and exploits Web applications. Metasploit Pro enables users to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.

• Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.

• Achieves unprecedented network access. Metasploit Pro can achieve unrestricted remote network access through a compromised host. Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.

• Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.

“With Metasploit Pro, we’ve delivered a solution for penetration testers who love the workflow of Metasploit Express but needed to go even further with their security assessments,” said HD Moore, Rapid7 CSO and Metasploit chief architect.

Available immediately, Metasploit Pro is priced at $15,000 annually per user.

Related Reading: Silly Kiddie, Exploits are for Free!

< Be Informed. Subscribe to the SecurityWeek Email Briefing Here >

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.