InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose (version 6.6.63) includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method capabilities to Linux-based Scan Engines to enhance their remote vulnerability coverage capabilities.
The Metasploit community is well-known and highly regarded within the security space for being a community of experts. With this feature, Rapid7 is bringing this expertise to Linux Scan Engines.
Many vulnerabilities that can be exploited by Metasploit are low-hanging fruit for hackers and script kiddies. With the Metasploit Remote Check Service, your Scan Engines will be more capable of identifying these.
You don't have to worry about Metasploit running potentially harmful exploits against your endpoints; the Scan Engine will only ask it to perform safe checks. There is no ability to deliver offensive payloads.
How to enable the Metasploit Remote Check Service
Getting started with the Metasploit Remote Check Service is easy—simply run a console command once, and it leverages existing scan engines already deployed in your environment. For information on how to enable this beta feature, please see the product documentation
Windows Engine Support
Due to limited support of Metasploit on Windows, in this initial beta release we have focused on adding support for Linux Scan Engines only.
If you are only using Windows engines but you would like to try the Metasploit Remote Check Service feature, you may wish to try using the Scan Engine container image.
Initial Metasploit Remote Check Service content
As part of the initial beta program, we've focused on adding remote checks that improve visibility into misconfigured developer environments and services. Many of these are not covered by traditional VM tools, despite representing significant value to attackers.
We're including the following new vulnerability checks, which make use of the new Metasploit Remote Check Service to remotely assess assets:
- Docker Daemon - Remote execution via unprotected TCP socket – Identify exposed docker TCP endpoints that provide attackers with the means to remotely execute system commands as root.
- Eclipse Equinox OSGi Console Command Execution – Identify exposed Eclipse OSGi console endpoints that allow attackers to execute arbitrary commands on the remote system.
- Github Enterprise Hardcoded Secret – Identify exposed Github Enterprise endpoints that use a hard-coded secret for session management.
- Hashicorp Consul Remote Command Execution via Rexec – Identify exposed Hashicorp consul endpoints that have the remote execution feature enabled.
- Hashicorp Consul Remote Command Execution via Services API – Identify exposed Hashicorp consul endpoints that expose their Services API to attackers.
- QNX qconn Command Execution – Identify exposed QNX endpoints that expose their qconn service to attackers.
- rConfig Install Command Execution – Identify exposed rConfig endpoints that allow attackers to remotely execute system commands via an HTTP GET request.
- Redis Replication Command Execution – Identify exposed redis endpoints that provide remote execution access to attackers via the service's extension functionality.
We'd love to hear your feedback
Based on the success of this beta feature, more content will follow. If you have any feedback regarding this feature, please contact your Customer Success Manager or our Support team.