Metasploit For The Masses

  /     /     /  
Publicated : 22/11/2024   Category : security


Metasploit For The Masses


New version of free Metasploit tool aimed at newbie penetration testers



Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.
The new Metasploit Community Edition is a combination of the popular open-source Metasploit Framework and a basic version of the user interface of Rapid7s Metasploit Pro commercial product.
HD Moore, Rapid7s CSO and chief architect for Metasploit, says the free pen-testing tool features a new user interface and automation of tasks to make penetration testing more approachable for organizations and users not necessarily versed in penetration testing. Theres a growing number of organizations that want to get started with pen testing, either for compliance reasons or just to test it out, he says.
Theres a huge number who want to dip their toe into security and dont want a complex learning curve. They just want to test it, and some are scared to test it, says Moore, who is also the creator of Metasploit. [Now] they can get familiar with Metasploit ... and make sure they can prioritize vulnerabilities and other security issues, he says.
It was two years ago today that Rapid7 announced it had
purchased Moores open-source Metasploit pen-testing tool project
, and that Moore had joined the company and was remaining in charge of the project.
For Rapid7, the goal was to leverage Metasploits exploit technology to help identify which vulnerabilities found by its NeXpose vulnerability-management tool were actually exploitable. But the deal also gave Metasploit full-time resources, something Moore says has helped propel the project and technology much further than he and its contributors could have done during after-hours. It also gave Metasploit a real commercial presence: Rapid7
rolled out an enterprise version of Metasploit -- Metasploit Pro
-- last year, and later, Metasploit Express, Rapid7s commercial tool with a full GUI and automated exploitation and reporting for enterprises.
Moore says Metasploit contributors from the open-source community continue to add creative features and functions to the tool at a rapid clip. And since Rapid7 purchased Metasploit, the code base has grown 156 percent.
Meanwhile, Metasploit Community comes with network-discovery features and is integrated with vulnerability scanners including Rapid7s NeXpose, as well as Nmap and other tools. It also identifies which bugs are actually exploitable, and includes an exploit module browser.
Moore says more organizations are conducting pen tests, and pen-testing engagements are getting larger and more frequent. Waiting until the fourth quarter for the next pen test doesnt cut it [anymore], for example, he says.
It goes to show that Metasploit continues to lead the way in keeping their community involved, whereas other projects have went closed source and cut community ties, says David Maynor, CTO for Errata Security, of the Metasploit Community release.
Maynor, who conducts pen-testing engagements for his firms clients, says cost-cutting is a reality today for many organizations. Saving money is good business. The more you can automate something like a pen test, the better, Maynor says. The danger comes in not being able to evaluate the results correctly.
Metasploit Community is available for download
here
.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Metasploit For The Masses