2 min
InsightCloudSec
What's New in DivvyCloud by Rapid7: April 2021
This month, we’d like to focus on one key area of change included in this release: the scheduler.
3 min
InsightCloudSec
DivvyCloud by Rapid7: Feature Release 20.7
This well-rounded release includes a new Microsoft Azure Security Pack, expanded support for Azure resources, added AWS support, and several enhancements applicable to all clouds.
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web apps
[https://www.rapid7.com/products/insightappsec/].
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit * Macro Recorder
* Traffic Viewer
* RegEx Builder
* Swagger/Rest API Utilit
3 min
Release Notes
Weekly Metasploit Wrapup
Powershell? In my Meterpreter?
It's more likely than you think!
Hot on the heels of his fantastic Python extension, the legendary OJ Reeves has
once again busted out an awesome new ability for post-exploitation, this time by
putting a fully functional powershell inside your native Windows Meterpreter
sessions. Unlike the Python extension, which uploads an embedded interpreter,
the new powershell extension loads the .NET runtime from the victim system.
There's a lot of polish and more work to b
3 min
Release Notes
Weekly Metasploit Wrapup
Scanning for the Fortinet backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see
how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
[*]
2 min
Release Notes
Weekly Metasploit Wrapup
I'm not your mother, clean up after yourself.
An old friend of mine, axis2deployer
[https://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer], is a fun
authenticated code execution
[/2016/01/03/12-days-of-haxmas-authenticated-code-execution-by-design] module
that takes advantage of Axis2's ability to deploy new applications on a web
server. It used to be a messy friend, leaving its files all over the living room
floor for you to clean up manually. As of #6457
[https://github.com/rapi
2 min
Release Notes
Weekly Metasploit Wrapup
Aaaaaand we're back! Last week was the first weekly update of the year and it
comes with a super fun stuff.
Tunneling
The latest update allows you to tunnel reverse_tcp sessions over a compromised
machine in a slightly less painful way. There is now a new datastore option,
ReverseListenerComm, which lets you tell a meterpreter session tunnel
connections back to your payload handler. Here's an example run to give you the
idea:
msf exploit(payload_inject) > show options
Module options (e
1 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup
Welcome to the last Metasploit update of the year! Since January 1st, 2015,
we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and
added 323 modules. Thank you all for a great year! We couldn't have done it
without you.
Sounds
The sounds plugin has been around for a long time, notifying hackers of new
shells via their speakers since 2010. Recently, Wei sinn3r Chen gave it a
makeover, replacing the old robotic voice with that of Offensive Security
founder, Kali Linux Core
2 min
Release Notes
Weekly Metasploit Wrapup
Python extension for Windows Meterpreter
Meterpreter offers some pretty powerful post-exploitation capabilities, from
filesystem manipulation to direct Windows API calls with railgun, and everything
in between.
One thing that's been missing for a long time is on-victim scripting. With this
update comes an experimental Python extension to remedy that. It's still in its
infancy, so expect some kinks to be worked out over the next few weeks, but it
is functional. OJ [https://twitter.com/thecolonia
1 min
Release Notes
Weekly Metasploit Wrapup
One of the greatest things about Metasploit is that it supports lots of
different protocols and technologies that you would otherwise need a huge
menagerie of tools to be able to talk to, an ever-expanding bubble of
interoperability that you didn't have to write. Due to some great ongoing work
by Bigendian Smalls [https://twitter.com/bigendiansmalls], the bubble is getting
even bigger, now encompassing shell sessions on mainframes. You can see the
beginnings in #6013 [https://github.com/rapid7/m
11 min
Metasploit
New Metasploit 4.9 Helps Evade Anti-Virus Solutions, Test Network Segmentation, and Increase Productivity for Penetration Testers
Metasploit 4.9 helps penetration testers evade anti-virus solutions, generate
payloads, test network segmentation, and generally increase productivity through
updated automation and reporting features. Since version 4.8, Metasploit has
added 67 new exploits and 51 auxiliary and post-exploitation modules to both its
commercial and open source editions, bringing our total module count up to
1,974. The new version is available immediately.
Generate AV-evading Dynamic Payloads
Malicious attackers u
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
4 min
Metasploit
Metasploit Pro 4.6 Adds OWASP Top 10 2013 and Security Auditing Wizards
Today, we released Metasploit Pro 4.6, which brings you some awesome new
features for your enterprise security program.
Updated Web Application Security Testing with Support for OWASP Top 10 2013
Web applications are gaining more and more traction, both through internally
developed applications and by adding SaaS-based solutions. These applications
often contain some of the most confidential information in the organization,
such as financial and customer data, credit card numbers, medical data,
12 min
Metasploit
Metasploit 4.6.0 Released!
We just released Metasploit 4.6.0, so applying this week's update will get you
the brand new version. While Chris has a delightful blog post
[/2013/04/10/metasploit-adds-owasp-top-10-2013-and-penetration-test-wizards] of
what all is new in Metasploit Pro, let's take a look at what's exciting and new
between Metasploit 4.5.0 and today's update to 4.6.0.
138 new modules
First off, the hacker elves have been cranking out a ton of module content since
we released 4.5.0 back in December, 2012. Betw
4 min
Release Notes
Weekly Metasploit Update: Browser Autopwn 0-day, ICMP Exfiltration, LM Downgrading, and Reporting Speedups
Today marks the first Metasploit update of the new year, and it's been a little
while since the last, so there's a bumper crop of new modules; eighteen to be
precise.
Internet Explorer 0-day and Browser Autopwn
While we didn't ship an update over the holidays, that didn't stop @_sinn3r
[https://twitter.com/_sinn3r], @_juan_vazquez_
[https://twitter.com/_juan_vazquez_], @eromang [https://twitter.com/eromang],
@yomuds [https://twitter.com/yomuds], and @binjo [https://twitter.com/binjo]
from tea