Home      Order overview      Newsletter      Authors      About      Contact

 

BTSoftware BV

Software
Registration

 



  Desktop Tools

  File Managers

  Editors

  Utilities

  HTML/XML

  Email

  PDF Tools

  FTP

  Browsers

  Remote & Telnet

  Network Tools

  Internet

  Graphics

  Multi Media

  Flash

  Security

  Recovery

  Compression

  Disk/Backup

  System Tools

  Maintenance

  Databases

  Education

  Administration

  Development

  PDA/SmartPhone

 

Buy / Order

Pricing

Download

Version: 4.17.1-2020042701

Date: 5-2020

Metasploit Pro/Express

https://www.rapid7.com/products/metasploit/

Metasploit: PUT YOUR DEFENSES TO THE TEST

PENETRATION TESTING FOR OFFENSIVE SECURITY TEAMS
Knowing the adversary's moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 users and contributors, gives you that insight. It's the most impactful penetration testing solution on the planet. With it, uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.

Know Your Weak Points
It's vital to find your vulnerabilities before a malicious attacker does.

Utilize world's largest exploit database
Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1 new exploit per day, currently counting more than 1,300 exploits and more than 2,000 modules.

Simulate real-world attacks against your defenses
Metasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules. Pivot throughout your network to find out just how far an attacker can get.

Uncover weak and reused credentials
Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute-force attacks against over 20 account types, including databases, web servers, and remote administration solutions. In addition, it can utilize specialized tools designed to expose credentials' scope and effectively gauge impact of an exposed credential.

Express version:
Express Baseline Penetration Tests
For IT Generalists in SMBs

  • Community features plus:
  • Smart Exploitation
  • Automated Credentials Brute Forcing
  • Baseline Penetration Testing Reports

Pro version:
Advanced Penetration Tests & Enterprise Security Programs
For Penetration Testers and IT Security Teams

  • Express features plus:
  • Wizards for standard baseline audits
  • Task chains for automated custom workflows
  • MetaModules for discrete tasks such as network segmentation testing
  • Dynamic payloads to evade leading anti-virus solutions
  • Full access to an internal network through a compromised machine with VPN pivoting
  • Closed-loop vulnerability validation to prioritize remediation
  • Phishing awareness management & spear phishing
  • Web app testing for OWASP Top 10 vulnerabilities
  • Choice of advanced command-line (Pro Console) and web interface
  • Integrations via Remote API

Use our penetration testing software to:

  • Validate security risks as part of your vulnerability management program.
  • Safely simulate attacks on your network to uncover security issues.
  • Verify your defenses, security controls and mitigation efforts.
  • Measure the effectiveness of your security awareness program.
  • Audit password security beyond Windows and Linux logins.

Rapid7 Metasploit 4.17.1-2020042701 release includes:

New Modules:

    The VMware vCenter Server vmdir Authentication Bypass auxiliary module: This module bypasses LDAP authentication in VMware vCenter Server's vmdir service to add an arbitrary administrator user. Version 6.7 prior to the 6.7U3f update is vulnerable.
  • The VMware vCenter Server vmdir Information Disclosure auxiliary module: This module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server. Version 6.7 prior to the 6.7U3f update is vulnerable.
  • The Nexus Repository Manager Java EL Injection RCE exploit module: This module exploits CVE-2020-10199, an authenticated Java EL Injection RCE in Nexus Repository Manager 3.x for versions 3.21.1 and prior. Successful exploitation results in RCE as the user nexus.
  • The Vesta Control Panel Authenticated Remote Code Execution exploit module: This module exploits CVE-2020-10808, an authenticated command injection vulnerability within the v-list-user-backups script of Vesta Control Panel 0.9.8-26 and prior. Successful exploitation results in remote code execution as the root user.
  • The Liferay Portal Java Unmarshalling via JSONWS RCE exploit module: This module exploits CVE-2020-7961, a unauthenticated unmarshalling RCE in LifeRay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2. Successful exploitation results in remote code execution as the liferay user.
    • Improvements:

      • Windows Meterpreter: Windows Meterpreter's window enumeration capabilities were enhanced to support Unicode, display the window class, and to extract the values from password fields. It also updates the Teamviewer password extraction module to support this technique for obtaining credentials.
      • New productivity tips: Two new productivity tips were added to help you be more efficient.
        - sessions -1 - Use sessions -1 to interact with the last opened session.
        - how missing - Use show missing to view missing module options.

      Fixes:

      • Metasploit Framework Vulnerability: Rapid7 Metasploit Framework version 5.0.85 and earlier suffer from an instance of CWE-78: OS Command Injection, where the libnotify plugin accepts untrusted user-supplied data via a computer's hostname or service name. An attacker can create a specially crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Only the Metasploit Framework and products that expose the plugin system are susceptible to this issue. This does not include Rapid7 Metasploit Pro. This vulnerability cannot be triggered through a normal scan operation; the attacker would have to supply a file that is processed with the db_import command. This fixes vulnerability CVE-2020-7350.
      • Java Meterpreter Stability Fix: We fixed an issue with Java Meterpreter where payloads on Windows VM were showing failures. This was fixed by bumping the payload gem to bring in a fix for a race condition that existed in the filesystem library in the Java meterpreter.

      Please contact BTSoftware for Metasploit Pro pricing

Trial Download

Price information

Trial Download Request

Select Product / License Count / Delivery type

USD

EUR

GBP

Pricing is based on prepayment and excluding VAT / BTW / MwSt / TVA.

Please contact BTSoftware for Metasploit Pro pricing

To send in an order at BTSoftware,
please enable Javascript in your browser.

Buy / Order

Last updated : 22-02-2024

News:

[ 20220916 ]
BTSoftware BV is now reseller of SoftMaker

BTSoftware BV has partnered up with SoftMaker

[ 20211223 ]
BTSoftware and Parasoft reconfirm delivery agreements

BTSoftware has a long-standing relation with Parasoft.

[ 20211217 ]
BTSoftware BV officially partnered up with Lansweeper

Lansweeper continues to be available through BTSoftware since 2011

[ 20211013 ]
BTSoftware BV has added 7Edit to the product catalog

7Edit now available through BTSoftware BV

[ 20211013 ]
BTSoftware BV has added AOMEI Backupper to the product catalog

AOMEI Backupper now available through BTSoftware BV

[ 20210205 ]
BTSoftware BV has partnered up with Seagull Scientific

BTSoftware BV and Seagull Scientific are now partners

[ 20181231 ]
BTSoftware BV is now partner of Unified Compliance

BTSoftware BV and Unified Compliance are now partners

[ 20180215 ]
BTSoftware BV has partnered up with IronSoftware

BTSoftware BV and Iron Software are now partners

More ...