2 min
Nexpose
Adaptive Security: Rapid7 Critical Vulnerability Category
Starting this week, we have added a new vulnerability category: Rapid7 Critical.
When we examine a typical vulnerability, each vulnerability comes with various
pieces of information such as CVE id, CVSS score, and others. These pieces of
information can be very handy especially when you set up Automated Actions in
Nexpose. Here is an example:
As you can see the example on the right, this trigger will initiate a scan
action if there is a new coverage available that meets the criteria of CVSS
2 min
Metasploit
Now Officially Supporting Kali Linux 2.0
In August, we were getting a lot of questions about Kali 2. I have answered some
questions in Metasploit on Kali Linux 2.0
[/2015/08/12/metasploit-on-kali-linux-20] blog post in the past. Today, I am
pleased to announce that we extend our official platform support to three new
operating systems which are now listed in Metasploit System Requirements
[http://www.rapid7.com/products/metasploit/system-requirements.jsp] page:
* Kali Linux 2.0
* Red Hat Enterprise Server 7.1 or later
* Microsoft W
2 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0
[https://www.kali.org/releases/kali-linux-20-released/] has been released this
week and getting quite a bit of attention, as it should. Folks behind Kali have
worked really hard to bring you the new version of Kali Linux that everyone is
excited about. If you have already started to play with the new version, you
probably have realized that something is different, that is; Metasploit
Community / Pro is no longer installed by default.
Where is Metasploit Community / Pr
2 min
Ruby on Rails
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get
excited about because if everything goes well, users should see no difference.
There are many reasons to upgrade to Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a big part of why we have to keep our code
7 min
PCI
Webcast Followup: Escalate Your Efficiency
Last week, we had a live webcast to talk about how Metasploit Pro helps
pentesters be more efficient and save time. There were so many attendees, which
made it possible to have great conversation. First of all, I want to thank you
folks who have taken the time from their busy schedules to watch us live. There
were many questions our viewers asked us, and we were not able to answer all of
them due to time limitations. In this post, you will find the answers for those
questions.
First things fir
3 min
Metasploit
Credentials --> Compromises | Rinse and Repeat
1 Attack Vector: Credentials
According to the Verizon Data Breach Investigations Report
[http://www.verizonenterprise.com/DBIR/2014/], credentials are the number #1
attack vector used to compromise networks. This news comes with no surprises.
Credentials have been and most likely will continue to be one of the top attack
vectors for years to come.
With credentials-based attacks becoming exponentially more topical, it's become
more critical than ever to focus on credentials management and reuse.
4 min
Metasploit
Being Product Manager of Metasploit
Hello World
My name is Eray Yilmaz, and I am the new Product Manager of Metasploit. It has
been three months since I have joined Rapid7, and I wanted to share my
experiences with you so far. Before we get to that, here is tiny bit about
myself:
I am a 28, married, and fairly new father. I went to UTSA where I majored in
Information Assurance and Information Systems, and received my B.B.A. Like
anyone else in our industry, I have done my fair share of IT work, from helpdesk
to managing networks
4 min
Metasploit
HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301)
Overview
The Update (2014122301) which was released on December, 23th 2014, failed to
include necessary files for the application to update to version 4.11.0 for the
first time.
Issue
The application will not start, therefore browser will provide generic "The page
can't be displayed" message when trying to load the web UI.
Additionally, various log messages may appear in respective log files.
Windows: C:\metasploit\apps\pro\engine\prosvc.log
Linux: /opt/metasploit/apps/pro/engine/prosvc_stder