Last updated at Wed, 26 Jul 2017 15:19:25 GMT
We love it, our beta testers loved it, and we trust you will as well: today we're introducing Metasploit Pro, our newest addition to the Metasploit family, made for penetration testers who need a bigger, and better, bag of tricks.
Metasploit Pro provides advanced penetration testing
capabilities, including web application exploitation and social
The feedback from our beta testers has been fantastic, most people loved how easily they can conduct Web application scanning and exploitation with Metasploit Pro. Unlike conventional Web application scanners that scan one server at a time, Metasploit Pro finds all Web servers on an entire network, then audits and exploits all of them at the push of a button.
Beta testers also loved its new social engineering campaigns, which enable you to simulate attacks on the network using email and USB thumb drives. My jaw dropped when I first saw HD Moore clone “a popular music distribution website” using Metasploit Pro in our first internal sneak peek. If you want to check it out, watch HD's presentation at SecTor next weekin Toronto.
My personal favorites are team collaboration and VPN pivoting, simply because they haven't been done before. When working in teams, many penetration testers find it difficult to share interim results and consolidate their findings at the end of an assignment. With Metasploit Pro, you can collaborate to divide and conquer the network, building on each other's strengths and pooling findings so that they can be used by everyone. And, at the end, all findings are consolidated in a single report.
My second pet feature is VPN pivoting. It is different from the proxy pivoting you may have used so far, which is limited to routing connections from within Metasploit, and only supports basic UDP and TCP sessions. By contrast, Metasploit Pro's VPN pivoting provides a virtual Ethernet interface into the remote network through the compromised machine. This enables you to route any traffic, from any tool, through the compromised target. With VPN pivoting, you can run a vulnerability scanner such as NeXpose through a target as if you were plugged into the local network. No other tool offers this functionality.
In a nutshell, Metasploit Pro enables you to take an earlier flight home after your penetration testing assignment. You'll be more competitive and see more of your family. If you'd like to give your new life a try, download a free, fully featured Metasploit Pro trial version.