Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Rapid7 Updates Metasploit Pro, Enhances PCI Compliance Features

Rapid7 today announced upgrades to its Metasploit Pro penetration testing solution. The latest version (v3.6) adds an enhanced command-line feature set and detailed PCI reports with pass/fail information to provide users with a comprehensive view of compliance posture with PCI regulations.

Rapid7 today announced upgrades to its Metasploit Pro penetration testing solution. The latest version (v3.6) adds an enhanced command-line feature set and detailed PCI reports with pass/fail information to provide users with a comprehensive view of compliance posture with PCI regulations.

Rapid 7 Metasploit Express and the free, open source Metasploit Framework also saw several improvements with this release.

Since version 3.5.1, 14 exploits and 48 additional modules have been added to the Metasploit Framework, with the latest release brining the following features:

Metasploit Pro Console – The addition of advanced network discovery, automated exploitation, evidence collection, smart brute forcing, and reporting capabilities to the existing features of the Metasploit Console, the results are immediately visible through the standard Web interface, allowing collaboration between team members using a mix of GUI and Console interfaces.

PCI Reporting – New feature in Metasploit Pro generates reports for PCI DSS compliance with pass/fail information for applicable PCI DSS requirements. Metasploit Pro now includes a detailed, actionable report on an organization’s security posture regarding requirements two, six and eight, which include password and secure systems maintenance.

Project Activity Report – A feature found in Metasploit Pro and Metasploit Express, organizations can now create a PDF report on the exact tests they run at the technical level. This enables clients of a penetration testing firm to retrace the steps that led to a successful assignment.

Asset Tagging – An advanced feature of Metasploit Pro that allows users to freely assign tags to assets based on multiple criteria such as compliance, operation workflow and team collaboration on different operational units. Tags may be used to classify assets and document security findings, with direct integration into the reporting engine. This facilitates improved project management and reporting, in particular for large penetration testing engagements.

Global Search – Found in Metasploit Pro and Metasploit Express, global search benefits users working on teams across various projects, with the ability to now search for tags, host names, IP addresses and annotations across projects and team members. This advanced search makes it easier to find information from previous projects or from other team members.

Post-Exploitation Modules – Available in all Metasploit editions, includes more than a dozen modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges. New post-exploitation modules can be added by Rapid7 as part of the weekly product update. In addition, Metasploit Pro and Metasploit Express provide the ability to run post-exploitation modules on multiple systems simultaneously.

“Many penetration testers told us they like the efficiency of the features in Metasploit Pro for network discovery, smart brute forcing and exploitation, but also enjoy the traditional command-line interface of the Metasploit Framework,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “With this release, we’ve made these features available as part of a command-line interface to Metasploit Pro so seasoned penetration testing experts can work in the medium they are most comfortable with using.”

Rapid7 says the new features are available immediately.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...