Posts tagged Release Notes

2 min DivvyCloud

What's New in DivvyCloud by Rapid7: April 2021

This month, we’d like to focus on one key area of change included in this release: the scheduler.

3 min DivvyCloud

DivvyCloud by Rapid7: Feature Release 20.7

This well-rounded release includes a new Microsoft Azure Security Pack, expanded support for Azure resources, added AWS support, and several enhancements applicable to all clouds.

2 min Application Security

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps [https://www.rapid7.com/products/insightappsec/]. These include: * Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements * PDF report generation * The Rapid7 AppSec Toolkit * Macro Recorder * Traffic Viewer * RegEx Builder * Swagger/Rest API Utilit

3 min Release Notes

Weekly Metasploit Wrapup

Powershell? In my Meterpreter? It's more likely than you think! Hot on the heels of his fantastic Python extension, the legendary OJ Reeves has once again busted out an awesome new ability for post-exploitation, this time by putting a fully functional powershell inside your native Windows Meterpreter sessions. Unlike the Python extension, which uploads an embedded interpreter, the new powershell extension loads the .NET runtime from the victim system. There's a lot of polish and more work to b

3 min Release Notes

Weekly Metasploit Wrapup

Scanning for the Fortinet backdoor with Metasploit Written by wvu Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24 rhosts => 417.216.55.0/24 msf auxiliary(fortinet_backdoor) > set threads 100 threads => 100 msf auxiliary(fortinet_backdoor) > run [*]

2 min Release Notes

Weekly Metasploit Wrapup

I'm not your mother, clean up after yourself. An old friend of mine, axis2deployer [https://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer], is a fun authenticated code execution [/2016/01/03/12-days-of-haxmas-authenticated-code-execution-by-design] module that takes advantage of Axis2's ability to deploy new applications on a web server. It used to be a messy friend, leaving its files all over the living room floor for you to clean up manually. As of #6457 [https://github.com/rapi

2 min Release Notes

Weekly Metasploit Wrapup

Aaaaaand we're back! Last week was the first weekly update of the year and it comes with a super fun stuff. Tunneling The latest update allows you to tunnel reverse_tcp sessions over a compromised machine in a slightly less painful way. There is now a new datastore option, ReverseListenerComm, which lets you tell a meterpreter session tunnel connections back to your payload handler. Here's an example run to give you the idea: msf exploit(payload_inject) > show options Module options (e

1 min Metasploit Weekly Wrapup

Weekly Metasploit Wrapup

Welcome to the last Metasploit update of the year! Since January 1st, 2015, we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and added 323 modules. Thank you all for a great year! We couldn't have done it without you. Sounds The sounds plugin has been around for a long time, notifying hackers of new shells via their speakers since 2010. Recently, Wei sinn3r Chen gave it a makeover, replacing the old robotic voice with that of Offensive Security founder, Kali Linux Core

2 min Release Notes

Weekly Metasploit Wrapup

Python extension for Windows Meterpreter Meterpreter offers some pretty powerful post-exploitation capabilities, from filesystem manipulation to direct Windows API calls with railgun, and everything in between. One thing that's been missing for a long time is on-victim scripting. With this update comes an experimental Python extension to remedy that. It's still in its infancy, so expect some kinks to be worked out over the next few weeks, but it is functional. OJ [https://twitter.com/thecolonia

1 min Release Notes

Weekly Metasploit Wrapup

One of the greatest things about Metasploit is that it supports lots of different protocols and technologies that you would otherwise need a huge menagerie of tools to be able to talk to, an ever-expanding bubble of interoperability that you didn't have to write. Due to some great ongoing work by Bigendian Smalls [https://twitter.com/bigendiansmalls], the bubble is getting even bigger, now encompassing shell sessions on mainframes. You can see the beginnings in #6013 [https://github.com/rapid7/m

11 min Metasploit

New Metasploit 4.9 Helps Evade Anti-Virus Solutions, Test Network Segmentation, and Increase Productivity for Penetration Testers

Metasploit 4.9 helps penetration testers evade anti-virus solutions, generate payloads, test network segmentation, and generally increase productivity through updated automation and reporting features. Since version 4.8, Metasploit has added 67 new exploits and 51 auxiliary and post-exploitation modules to both its commercial and open source editions, bringing our total module count up to 1,974. The new version is available immediately. Generate AV-evading Dynamic Payloads Malicious attackers u

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6.  This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel The most visible change in Nexpose 5.6 is the new look and feel of the user interface.  The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas

4 min Metasploit

Metasploit Pro 4.6 Adds OWASP Top 10 2013 and Security Auditing Wizards

Today, we released Metasploit Pro 4.6, which brings you some awesome new features for your enterprise security program. Updated Web Application Security Testing with Support for OWASP Top 10 2013 Web applications are gaining more and more traction, both through internally developed applications and by adding SaaS-based solutions. These applications often contain some of the most confidential information in the organization, such as financial and customer data, credit card numbers, medical data,

12 min Metasploit

Metasploit 4.6.0 Released!

We just released Metasploit 4.6.0, so applying this week's update will get you the brand new version. While Chris has a delightful blog post [/2013/04/10/metasploit-adds-owasp-top-10-2013-and-penetration-test-wizards] of what all is new in Metasploit Pro, let's take a look at what's exciting and new between Metasploit 4.5.0 and today's update to 4.6.0. 138 new modules First off, the hacker elves have been cranking out a ton of module content since we released 4.5.0 back in December, 2012. Betw

4 min Release Notes

Weekly Metasploit Update: Browser Autopwn 0-day, ICMP Exfiltration, LM Downgrading, and Reporting Speedups

Today marks the first Metasploit update of the new year, and it's been a little while since the last, so there's a bumper crop of new modules; eighteen to be precise. Internet Explorer 0-day and Browser Autopwn While we didn't ship an update over the holidays, that didn't stop @_sinn3r [https://twitter.com/_sinn3r], @_juan_vazquez_ [https://twitter.com/_juan_vazquez_], @eromang [https://twitter.com/eromang], @yomuds [https://twitter.com/yomuds], and @binjo [https://twitter.com/binjo] from tea