Metasploit: PUT YOUR DEFENSES TO THE TEST
PENETRATION TESTING FOR OFFENSIVE SECURITY TEAMS
Knowing the adversary's moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 users and contributors, gives you that insight. It's the most impactful penetration testing solution on the planet. With it, uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.
Know Your Weak Points
It's vital to find your vulnerabilities before a malicious attacker does.
Utilize world's largest exploit database
Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1 new exploit per day, currently counting more than 1,300 exploits and more than 2,000 modules.
Simulate real-world attacks against your defenses
Metasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules. Pivot throughout your network to find out just how far an attacker can get.
Uncover weak and reused credentials
Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run bruteï¿½??force attacks against over 20 account types, including databases, web servers, and remote administration solutions. In addition, it can utilize specialized tools designed to expose credentials' scope and effectively gauge impact of an exposed credential.
Express Baseline Penetration Tests
For IT Generalists in SMBs
- Community features plus:
- Smart Exploitation
- Automated Credentials Brute Forcing
- Baseline Penetration Testing Reports
Advanced Penetration Tests & Enterprise Security Programs
For Penetration Testers and IT Security Teams
- Express features plus:
- Wizards for standard baseline audits
- Task chains for automated custom workflows
- MetaModules for discrete tasks such as network segmentation testing
- Dynamic payloads to evade leading anti-virus solutions
- Full access to an internal network through a compromised machine with VPN pivoting
- Closed-loop vulnerability validation to prioritize remediation
- Phishing awareness management & spear phishing
- Web app testing for OWASP Top 10 vulnerabilities
- Choice of advanced command-line (Pro Console) and web interface
- Integrations via Remote API
Use our penetration testing software to:
- Validate security risks as part of your vulnerability management program.
- Safely simulate attacks on your network to uncover security issues.
- Verify your defenses, security controls and mitigation efforts.
- Measure the effectiveness of your security awareness program.
- Audit password security beyond Windows and Linux logins.
Metasploit 4.14.2 is here! Metasploit updates are released to help protect your environment against evolving security threats.
Rapid7 Metasploit 4.14.2 release includes:
- The Tuleap 9.6 Second-Order PHP Object Injection module: This module exploits CVE-2017-7411, which targets a second order PHP object injection vulnerability in Tuleap to execute arbitrary code with the permissions of the webserver.
- The Pyrotechnic Devices module: This post-module allows you to query a vehicle's Pyrotechnic Control Unit to attempt to enable the deployment capability of pyrotechnic devices, such as airbags, battery clamps, etc.
- The Polycom Shell HDX Series Traceroute Command Execution module: This module allows you to execute arbitrary commands on Polycom HDX series devices. It's been tested on firmware versions 3.0.3 and 3.1.10.
Please contact BTSoftware for Metasploit Pro pricing