Last updated at Wed, 03 Feb 2021 15:23:59 GMT

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose (version 6.6.63) includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method capabilities to Linux-based Scan Engines to enhance their remote vulnerability coverage capabilities.

The Metasploit community is well-known and highly regarded within the security space for being a community of experts. With this feature, Rapid7 is bringing this expertise to Linux Scan Engines.

Many vulnerabilities that can be exploited by Metasploit are low-hanging fruit for hackers and script kiddies. With the Metasploit Remote Check Service, your Scan Engines will be more capable of identifying these.

You don't have to worry about Metasploit running potentially harmful exploits against your endpoints; the Scan Engine will only ask it to perform safe checks. There is no ability to deliver offensive payloads.

How to enable the Metasploit Remote Check Service

Getting started with the Metasploit Remote Check Service is easy—simply run a console command once, and it leverages existing scan engines already deployed in your environment. For information on how to enable this beta feature, please see the product documentation

Windows Engine Support

Due to limited support of Metasploit on Windows, in this initial beta release we have focused on adding support for Linux Scan Engines only.

If you are only using Windows engines but you would like to try the Metasploit Remote Check Service feature, you may wish to try using the Scan Engine container image.

Initial Metasploit Remote Check Service content

As part of the initial beta program, we've focused on adding remote checks that improve visibility into misconfigured developer environments and services. Many of these are not covered by traditional VM tools, despite representing significant value to attackers.

We're including the following new vulnerability checks, which make use of the new Metasploit Remote Check Service to remotely assess assets:

We'd love to hear your feedback

Based on the success of this beta feature, more content will follow. If you have any feedback regarding this feature, please contact your Customer Success Manager or our Support team.


Get the latest stories, expertise, and news about security today.