In today's Whiteboard Wednesday, Chris Kirsch talks about the latest Metasploit 4.6 release and all it has to offer. Here is a hint: Metasploit 4.6 is easier than ever to use! Whether you need to run a quick pen test, audit your web applications or conduct a phishing campaign, the new Metasploit 4.6 release makes it quick and easy to set up. It's like Wizardry or something!
Hello, and welcome to this Whiteboard Wednesday here at Rapid7. My name is Chris Kirsch. I work on the Metasploit Team. Today I would like to talk to you about Metasploit 4.6, which we just released.
Metasploit 4.6 introduces a new concept of wizards that we've added. For example, if you would like to conduct a quick pen test to audit your network or audit your web applications or run a phishing campaign, it's now very, very easy. All you need to do is start the wizard. It will create a new project, and you're good to go. Very easy and quick way to start.
Why are we doing this? Well, we thought about the fact that there is a global shortage of security professionals. What does that mean for you? Well, if you are a security professional, it means that it's actually a very tough job right now. You've got a ton of things on your plate. You're very busy. You're getting pulled in all directions, because your manager is finding it tough to hire people.
If you are a manager and trying to hire people, that means it's very hard to find folks, and also they are going to be very expensive. You want them to be as productive as they can be. By making Metasploit Pro more usable, it's easier for people to use it. Also, it will be faster for them to complete their job, so they'll increase productivity, become more effective. Also, if you would like to ramp up new resources, who haven't worked with Metasploit, who are new to IT security, it'll also mean less training because the learning curve is flatter.
We've also thought about coverage in Metasploit 4.6, and we're seeing that the global threat landscape is really evolving. So what we've done is we've added the OWASP Top Ten 2013 which were just published. Those were added to the web app scanning engine. We've kind of revamped the entire interface here.
One interesting thing that we've added is a special type of SQL injection that will not really get you access to the database only, which most SQL injections do, but will actually get you root access to the entire machine and compromise the machine. You can then breach the machine much further than you would in a regular SQL injection.
If this interests you and you'd like to find out more, please download Metasploit at http://www.rapid7.com/products/metasploit/download.jsp or update your existing Metasploit installation on Windows, Red Hat, Ubuntu, or now Kali Linux. Thank you.