2 min
InsightCloudSec
What's New in DivvyCloud by Rapid7: April 2021
This month, we’d like to focus on one key area of change included in this release: the scheduler.
2 min
Application Security
New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in Rapid7 product development. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web apps
[https://www.rapid7.com/products/insightappsec/].
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit * Macro Recorder
* Traffic Viewer
* RegEx Builder
* Swagger/Rest API Utilit
3 min
Release Notes
Weekly Metasploit Wrapup: March 14, 2016
Scanning for the Fortinet backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see
how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
[*]
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
4 min
Release Notes
Configuration assessment and policy management in Nexpose 5.2
We love our policy Dashboards. They are new, hot, intuitive, robust and really
useful. In our latest release of Nexpose, version 5.2, we've made two major
enhancements to our configuration assessment capabilities:
* A policy overview dashboard: To understand the current status of compliance
of configurations delivering a summary of the policy itself.A policy rule
dashboard: To provide further details for a particular rule and the current
compliance status for that rule.
What makes th
1 min
Release Notes
SOC Monkey - FREE and in the App Store now!
The name's Monkey. SOC Monkey.
I'm here to provide you with a new free app for the iPhone/iPad/iPod Touch that
will search through infosec topics that are trending on the social web. I'll
also rank them based on what the biggest news items and hottest topics are, so
you can make sure to get your banana's worth.
Now, I'm not going to just barrage you with links. I'm going to use my
incredibly advanced simian brain to curate these news items, so you can focus
more on what you need to get don
3 min
Release Notes
Nexpose Reaches OWASP Top10 Coverage
Rapid7 is proud to announce that Nexpose's 5.1 web application scanning
capabilities can now detect all types of vulnerabilities in OWASP's Top10
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]! We've
completed this task with the addition of two new vulnerability checks, A5:
Cross-Site Request Forgery (CSRF)
[https://www.owasp.org/index.php/Top_10_2010-A5] and A8: Failure to Restrict
URL
Access [https://www.owasp.org/index.php/Top_10_2010-A8] . The next paragraphs
will describe
2 min
Release Notes
Metasploit Framework Updated: FastLib and More
Metasploit development moves fast. Blindingly fast, fueled by tons of open
source contributors -- which is one of the reasons why we moved away from our
tried and true SVN repository and on to GitHub. Now that we're on a more modern,
more social development platform, we have all new ways to get overwhelmed with
the pace of change on the Framework, especially since contributor code is that
much easier to integrate now. So, in order to ensure that the more notable
week-over-week changes get their
3 min
Release Notes
Exploit for critical Java vulnerability added to Metasploit
@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez
[https://twitter.com/#!/_juan_vazquez_] recently released a module which
exploits the Java vulnerability detailed here
[http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian
Krebs here
[http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits].
This is a big one. To quote Krebs: "A new exploit that takes advantage of a
recently-patched critical security flaw in Java is making the rounds in the
cri
3 min
Release Notes
Metasploit Framework 4.0 Released!
It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and
the first release under the Rapid7 banner was almost 2 years ago. Since then,
Metasploit has really spread its wings. When 3.0 was released, it was under a
EULA-like license with specific restrictions against using it in commercial
products. Over time, the reasons for that decision became less important and the
need for more flexibility came to the fore; in 2008, we released Metasploit 3.2
under a 3-clause BSD licen
1 min
Release Notes
Metasploit Framework 3.7.2 Released!
It's that time again! The Metasploit team is proud to announce the immediate
release of the latest version [http://metasploit.com/download/] of the
Metasploit Framework, 3.7.2. Today's release includes eleven new exploit modules
and fifteen post modules for your pwning pleasure. Adding to Metasploit's
well-known hashdump capabilities, now you can easily steal password hashes from
Linux, OSX, and Solaris. As an added bonus, if any of the passwords were hashed
with crypt_blowfish (which is the d
2 min
Release Notes
w3af - And now, with a stable core
Since our latest w3af release in mid January
[/2011/01/19/w3af-10-rc5-better-stronger-faster], and our new windows installer
release a couple of months ago, we've got lots of encouraging words telling us
we are going in the right direction. The objective was near and we could almost
taste it. Having a stable code-base is no joke, it requires countless hours of
writing unit-tests, running w3af scripts and most importantly: fixing bugs. Now,
finally we're here!
In this latest release, we bring y
1 min
Metasploit
Metasploit Framework 3.7.1 Released!
Originally posted by HD Moore:
We are happy to announce the immediate availability of version 3.7.1 of the
Metasploit Framework, Metasploit Express, and Metasploit Pro. This is a
relatively small release focused on bug fixes and performance improvements.
Notable highlights include an improved IPv6 reverse_tcp stager from Stephen
Fewer, a performance improvement for HTTP services (client-side modules), a bug
fix to channel support in the PHP Meterpreter, an update to MSFGUI, and various
small
1 min
Metasploit
Metasploit Framework 3.7.0 Released!
Originally Posted by egypt
The Metasploit team has spent the last two months focused on one of the
least-visible, but most important pieces of the Metasploit Framework; the
session backend. Metasploit 3.7 represents a complete overhaul of how sessions
are tracked within the framework and associated with the backend database. This
release also significantly improves the staging process for the reverse_tcp
stager and Meterpreter session initialization. Shell sessions now hold their
output in a ri
1 min
Metasploit
Metasploit Framework 3.4.1 Released!
The Metasploit Project is proud to announce the release of the Metasploit
Framework version 3.4.1. As always, you can get it from our downloads page
[http://www.metasploit.com/framework/download/], for Windows or Linux. This
release sees the first official non-Windows Meterpreter payload, in PHP as
discussed last month [/2010/06/14/meterpreter-for-pwned-home-pages]. Rest
assured that more is in store for Meterpreter on other platforms. A new
extension called Railgun
[http://mail.metasploit.c