Metasploit

• • Automate repetitive tasks and test using multi-level attacks.
  • Cover all potential attack vectors; web applications, network and endpoints as well as email.
  • Leverage the Metasploit Framework using the world’s largest database of assured exploits.
  • Increase success working with tem members in orchestrated network testing.
  • Advanced reporting for executives, audit and technical staff.

Metasploit enables teams to collaborate for concerted attacks. Team members can see and search each other's action, progress, and notes to make Red Team efforts more efficient.

For example, after you have started with the discovery, you can take care of bruteforcing machines while your colleagues emulate smart exploit attacks against the discovered hosts, pivot from compromised machines, and launch social engineering campaigns against the user base. Team members can share and search notes on hosts, for example indicating the role of a particular machine on the network. Known credentials and hashes are automatically leveraged by other team members.

When working on various penetration testing assignments at the same time, target infrastructures can be segregated into different projects and users can be assigned to each project. Read-only accounts can be set up for team leaders or customers who want to monitor the progress and results of an assignment.

Metasploit is built on a symbiotic architecture of the open source framework with commercial software additions that bring a graphical user interface, workflows, and advanced attack capabilities.

Rapid7 is uniquely positioned to offer a best-in-class product cost effectively by leveraging a large community security professionals and researchers. And, the commercial editions of Metasploit fuel the ongoing development of the free, open source framework - a great symbiosis.

The Metasploit Framework, with its many modules, is written entirely in Ruby and offers a command line only. The commercial editions of Metasploit, such as Metasploit Express and Metasploit Pro, add a graphical Web-based interface based on Apache Web server. Users can connect to the server locally or over the network. Metasploit Pro supports the connection by several users simultaneously to enable concerted penetration testing efforts. In such team situations, team members can route traffic through a central instance of Metasploit and further through compromised targets.

Rapid 7 and the Metasploit community constantly expand the exploit database, covering 565+ unique CVEs, wide range of targets with 551+ remote exploits, 261+ auxiliary modules and hundreds of payloads.

Easy to use GUI and streamlining of pen testing workflows for scanning, brute-forcing and exploitation, social engineering - with shell and VPN pivoting - get deeper into the network.

With Metasploit you can coordinate teams for orchestrated attacked. Online and offline reporting capability with detailed vulnerability and remediation information.

All Metasploit exploits are remote so they can be executed over the network.

• Rapid7 offers 3 versions of Metasploit
  • Metsapolit Pro for Penetration testing teams
  • Metasploit Express for individual pen testers and security verification purposes
  • Metasploit Framework - open source - for those who don’t require Command Line and Workflows.