Metasploit Framework for Professionals engaged in Offensive Security
Knowing the adversary’s moves helps you prepare your defenses more efficiently. Metasploit is backed by a community of 200,000 users and contributors and gives you insights into the real world of the hacker. Metasploit Framework allows you and your team to uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.
Utilise world’s largest exploit database
Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1 new exploit per day. The current tally is more than 1,300 exploits and more than 2,000 modules.
Uncover weak and reused credentials
Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute–force attacks against over 20 account types that include databases, web servers, and remote administration solutions. It can deploy specialised vulnerability exposure tools that expose compromised credentials and gauge the exposure this poses to overall security.
Pinpoint weak links in the attack chain
Hackers use multiple techniques and vectors to breach your systems quickly and efficiently. With Metasploit Pro, you can simulate attacks that emulate the adversarial behaviour you will encounter in the real world and discover security risks.
Closed-loop integration with Nexpose for remediation
When other departments question the validity of scan results, demonstrate that a vulnerability puts systems and data at risk of compromise. You’ll receive support for remediation measures and build credibility with stakeholders. Metasploit and Nexpose provide the only closed-loop validation solution from a single vendor, simplifying vulnerability prioritisation and remediation reporting.
Complete compliance programs faster
Generate reports to show your findings and sort them by regulations such as PCI DSS and FISMA. Verify that remediations or compensating controls implemented to protect systems are operational and effective. Create vulnerability exceptions based on hard evidence that easily pass your next audit. Automatically record actions and findings from your network and application–layer assessment to save valuable time otherwise spent on cutting and pasting.
Simulate real-world attacks against your defenses
Metasploit evades leading anti-virus solutions 90% of the time and enables you to commandeer a machine you have compromised. Pivot throughout your network to find out the weaknesses that poses for an attacker.
Set risk based Priorities
Finding your weak points is only half the battle. As a penetration tester, it is your job to perform a thorough assessment and communicate what needs to be done to reduce the risk of a breach.
Drive Better Security Program Development
Time is of the essence. Automation, proactive user education, and advanced reporting will enhance your team’s efficiency, productivity, and success.
Run penetration projects at scale
Conducting an assessment and managing data in networks with over 100 hosts can be challenging. Metasploit Pro scales to support thousands of hosts per project on engagements and multiple penetration testers. Automate penetration testing steps with Task Chains and MetaModules to improve productivity.
Reduce user risk using phishing campaigns and education
Send and track emails to thousands of users with Metasploit Pro’s scalable phishing campaigns. Clone web application login pages with one click to harvest credentials. Measure conversion rates at each step in the phishing campaign funnel. When users take a dangerous action, they can be redirected to a training site on the spot. With InsightUBA, any users who have been phished will also be automatically added to the InsightUBA watch list.