3 min
Metasploit
New Metasploit Swag Store Is Online
You may remember the awesome Metasploit T-shirt contest we ran in April of last
year [/2011/04/13/who-will-you-be-wearing-vote-for-the-new-metasploit-t-shirt].
We received a ton of submissions at the time and selected a winning T-shirt,
designed by Danny Chrastil.
It was a long and arduous journey for us to get the T-shirts printed and to get
the back-end systems up and running for the Metasploit Swag Store
[http://www.metasploit.com/wear-swag/]...but it's finally here. Yes, you'll
notice tha
2 min
Metasploit
Getting The Most Out of Metasploit: Pentesting, Password Auditing, and Vulnerability Validation
When we talk to Metasploit users, they usually use it for either penetration
testing, password auditing or vulnerability validation, but few use it for more
than one of these purposes. By leveraging your investment in Metasploit, you can
triple-dip at the same price - no extra licenses needed.
Penetration Testing
With penetration testing, you can identify issues in your security
infrastructure that could lead to a data breach. Weaknesses you can identify
include exploitable vulnerabilities, we
3 min
Nexpose
How to Exploit A Single Vulnerability with Metasploit Pro
Metasploit Pro's smart exploitation function is great if you want to get a
session quickly and don't care about being "noisy" on the network, but there are
certain situations where you may want to use just one exploit:
* You're conducting a penetration test and want to exploit just one
vulnerability so you don't draw too much attention (i.e. you want to use a
sniper rifle, not a machine gun)
* You're a vulnerability manager and want to validate just one vulnerability to
know whether
1 min
How to Import Vulnerability Scanner Reports Into Metasploit
It's easy to import third-party vulnerability scanning results into Metasploit.
These formats are supported:
* Acunetix XML
* Amap Log
* Appscan XML
* Burp Session XML
* Core Impact Pro XML
* Foundstone Network Inventory XML
* IP Address List
* Libpcap
* Microsoft MBSA SecScan XML
* nCircle IP360 (XMLv3 & ASPL)
* Metasploit PWDump Export
* Metasploit Zip Export
* Metasploit XML
* NetSparker XML
* Nessus XML (v1 & v2)
* Nexpose Simple XML
* Nexpose XML Export
* Nmap XML
* Qu
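To make concrete what an import actually carries into the Metasploit database (hosts, addresses, names, OS guesses and open services with product and version strings), here is a small Ruby parser for the Nmap XML format from the list above. This is an added example, not Rapid7's or Metasploit's importer code: the report is a constructed sample embedded in the script, and the choice to keep only hosts that were up and ports that were open is an assumption about what is worth importing, not a description of the real importer's internals. It also writes out the "IP Address List" format from the same list, which is the simplest thing to hand back to Metasploit as a target scope.

```ruby
require 'rexml/document'

# Constructed sample report (trimmed "nmap -sV -O -oX" output), not a real
# scan: one live host with two open and one closed port, plus one dead host.
SAMPLE_NMAP_XML = <<~XML
  <nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/29" version="5.61">
    <host>
      <status state="up" reason="arp-response"/>
      <address addr="10.0.0.5" addrtype="ipv4"/>
      <address addr="00:0C:29:AA:BB:CC" addrtype="mac" vendor="VMware"/>
      <hostnames><hostname name="fileserver.example.local" type="PTR"/></hostnames>
      <ports>
        <port protocol="tcp" portid="22">
          <state state="open" reason="syn-ack"/>
          <service name="ssh" product="OpenSSH" version="5.3p1" method="probed" conf="10"/>
        </port>
        <port protocol="tcp" portid="445">
          <state state="open" reason="syn-ack"/>
          <service name="microsoft-ds" product="Samba smbd" version="3.X" method="probed" conf="10"/>
        </port>
        <port protocol="tcp" portid="8080">
          <state state="closed" reason="reset"/>
          <service name="http-proxy" method="table" conf="3"/>
        </port>
      </ports>
      <os><osmatch name="Linux 2.6.X" accuracy="95"/></os>
    </host>
    <host>
      <status state="down" reason="no-response"/>
      <address addr="10.0.0.6" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

Service = Struct.new(:port, :proto, :name, :info)
Host    = Struct.new(:address, :mac, :hostname, :os, :services)

# Parse Nmap XML into host/service records. Assumption: hosts reported as
# anything but "up" and ports that are not "open" are skipped, because they
# give a pentester nothing to act on.
def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  hosts = []
  doc.elements.each('nmaprun/host') do |h|
    status = h.elements['status']
    next unless status && status.attributes['state'] == 'up'
    ipv4 = h.elements["address[@addrtype='ipv4']"]
    next unless ipv4
    mac  = h.elements["address[@addrtype='mac']"]
    name = h.elements['hostnames/hostname']
    os   = h.elements['os/osmatch']

    services = []
    h.elements.each('ports/port') do |p|
      next unless p.elements['state'].attributes['state'] == 'open'
      svc  = p.elements['service']
      # Product and version become the service "info" column, e.g. "OpenSSH 5.3p1"
      info = svc ? [svc.attributes['product'], svc.attributes['version']].compact.join(' ') : ''
      services << Service.new(p.attributes['portid'].to_i, p.attributes['protocol'],
                              svc && svc.attributes['name'], info)
    end

    hosts << Host.new(ipv4.attributes['addr'], mac && mac.attributes['addr'],
                      name && name.attributes['name'], os && os.attributes['name'], services)
  end
  hosts
end

# Emit the "IP Address List" format: one address per line.
def ip_address_list(hosts)
  hosts.map(&:address).join("\n") + "\n"
end

if __FILE__ == $0
  parse_nmap_xml(SAMPLE_NMAP_XML).each do |h|
    puts "#{h.address} (#{h.hostname || '-'}) os=#{h.os || '?'}"
    h.services.each { |s| puts "  #{s.port}/#{s.proto} #{s.name} #{s.info}".rstrip }
  end
end
```

The closed 8080/tcp entry and the dead 10.0.0.6 host drop out, which is the behaviour you want to check when a scan imports fewer hosts than you expected: look at the host status and port state in the raw XML before assuming the import lost data.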
2 min
Metasploit
Remote-Controlling Metasploit Through APIs
Metasploit offers some great ways to automate its functionality through a
programming interface. Metasploit users have built custom tools and processes
based on this functionality, saving time on repetitive tasks or letting them
schedule automated ones. Our most advanced customers have even
integrated Metasploit Pro into their enterprise security infrastructure to
automatically verify the exploitability of vulnerabilities to make their
vulnerability management program more ef
2 min
Get CPE Credits For Attending Free Rapid7 Online Webinars
Hopefully you're enjoying our webinars for their content, but did you know that
you're eligible to receive 1 CPE credit per webinar you attend? There's no need
to send us your CISSP number, just self-report in the (ISC)2 portal.
Here's how you do it (click on the images to enlarge):
1. Ensure you archive your webinar registration confirmation email in case you
get audited in the future.
2. Log in to the (ISC)2 website and click on Submit CPEs.
3. On the next screen, scroll to the v
3 min
How You Can Efficiently Audit Passwords With Metasploit
While unpatched systems are often the first stepping stone of a breach, it's
often weak or shared credentials that help attackers intrude deeper into the
network and breach sensitive data. Common problems are:
* Weak passwords that lack length or complexity
* Passwords contained in dictionaries
* Passwords that are easily guessed based on information about the
infrastructure
* Vendor default passwords
* Replaying cached credentials
* Re-use of passwords across trust zones
* Develo
1 min
Nexpose
Three Ways to Integrate Metasploit With Nexpose
Metasploit has three ways to integrate with the Nexpose vulnerability scanner.
I've heard some confusion about what the different options are, so I'd like to
summarize them briefly here:
1. Importing Nexpose reports: This is a simple, manual file import. Apart from
Nexpose, Metasploit can import about 13 different third-party reports from
vulnerability management solutions and web application scanners. This
feature works in all Metasploit editions.
2. Initiate a Nexpose scan from M
1 min
Metasploit
Creating a FISMA Report in Metasploit Pro
If you're working in IT security in the U.S. federal government, chances are
that you have to comply with the Federal Information Security Management Act of 2002
(FISMA). With Metasploit Pro
[https://www.rapid7.com/products/metasploit/download/], you can generate FISMA
compliance reports that map penetration testing findings to controls, as
recommended by Special Publication 800-53a (Appendix G) published by the
National Institute of Standards and Technology (NIST) and by Consensus Audit
Guidelines
3 min
Metasploit
How to Leverage the Command Line in Metasploit Pro
"I'm more comfortable with the Metasploit command line," is an objection I often
hear from long-time Metasploit Framework users who are thinking about purchasing
a copy of Metasploit Pro or Metasploit Express. What many penetration testers
don't know is that you can use the command line in the commercial Metasploit
editions, and leverage their advantages at the same time.
Reporting: The commercial Metasploit editions include one-click reporting that
includes any work you have completed on the
1 min
Metasploit
Jumping to another network with VPN pivoting
VPN pivoting is one of the best but also most elusive features in Metasploit
Pro, so the best way to understand it is to see it in action. That's why I've
posted a snippet of a recent webinar in which HD Moore demonstrates the feature.
VPN pivoting enables users to route any network traffic through an exploited
host with two NICs to a different network. For example, you could run nmap,
Metasploit network discovery, or Nexpose vulnerability scans through the VPN
pivot. Using a TUN/TAP adaptor on the Metasploit
3 min
Metasploit
Installing Metasploit Community Edition on BackTrack 5 R1
Update: I just published a new blog post for using Metasploit on BackTrack 5 R2
[https://www.rapid7.com/blog/post/2012/05/30/install-metasploit-on-backtrack/].
BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately,
Metasploit Community, which brings a great new Web UI and other functionality,
was introduced in version 4.1, so it's not included by default. Updating
Metasploit Framework using the msfupdate command will not install the Web UI. In
addition, BT5 only makes
1 min
Metasploit
Adding Custom Wordlists in Metasploit for Brute Force Password Audits
In any penetration test that involves brute forcing passwords, you may want to
increase your chances of a successful password audit by adding custom wordlists
specific to the organization that hired you. Some examples:
* If you are security testing a hospital, you may want to add a dictionary with
medical terms.
* If you're testing a German organization, users are likely to use German
passwords, so you should add a German wordlist.
* Another good idea is to build a custom wordlist b
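The password-audit post above (weak, dictionary and easily guessed passwords) and this one both come down to the same practical step: turning a short list of organization-specific terms into a wordlist that Metasploit's brute-force modules can consume, one entry per line. The following Ruby script is an added example, not code from Rapid7 or Metasploit. The seed terms are constructed (hospital vocabulary and German words stand in for the examples in the post), and the mutation rules (case variants, leet substitution, common suffixes, year suffixes) are an assumption about what a sensible first-pass list looks like; tune them per engagement.

```ruby
# Constructed seed terms, standing in for what you would gather from the
# target's website, job postings and scope document (hospital vocabulary and
# German words, per the examples in the post). Not from any real engagement.
SEED_TERMS = %w[stmarys cardiology radiology krankenhaus pflege].freeze

# Mutation rules (assumption: a reasonable first pass, not a standard list).
LEET     = { 'a' => '@', 'e' => '3', 'i' => '1', 'o' => '0', 's' => '$' }.freeze
SUFFIXES = %w[! 1 123 #].freeze

# "radiology" -> ["radiology", "Radiology", "RADIOLOGY"]
def case_variants(word)
  [word.downcase, word.capitalize, word.upcase].uniq
end

# Simple leet-speak substitution: "cardiology" -> "c@rd10l0gy"
def leet(word)
  word.chars.map { |c| LEET.fetch(c.downcase, c) }.join
end

# Expand seed terms into password candidates. The length bounds let you drop
# candidates the target's policy would never have accepted (no point guessing
# 3-character passwords against an 8-character minimum) and keep the list
# short enough to finish inside the engagement window.
def generate_wordlist(terms, years: [], min_length: 1, max_length: 64)
  words = []
  terms.each do |term|
    base = term.to_s.strip.downcase
    next if base.empty?
    (case_variants(base) + [leet(base)]).uniq.each do |v|
      words << v
      SUFFIXES.each { |s| words << "#{v}#{s}" }
      years.each do |y|
        words << "#{v}#{y}"             # radiology2012
        words << "#{v}#{y.to_s[-2, 2]}" # radiology12
      end
    end
  end
  words.uniq.select { |w| w.length.between?(min_length, max_length) }
end

# One entry per line, which is what Metasploit's wordlist options expect.
def wordlist_text(words)
  words.join("\n") + "\n"
end

if __FILE__ == $0
  words = generate_wordlist(SEED_TERMS, years: [2011, 2012], min_length: 6)
  $stderr.puts "#{words.size} candidates"
  print wordlist_text(words)
end
```

Redirect the output to a file and point the brute-force module's wordlist option at it. Keep the generated list alongside the engagement notes: if a weak password is found, the client will want to know which mutation of which term it came from.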
2 min
Metasploit
Three Great New Metasploit Books
I've seen three great Metasploit books published lately. The one that most
people are probably already familiar with is Metasploit: The Penetration
Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni.
The book is very comprehensive, and packed full of great advice. David Kennedy
is Chief Information Security Officer at Diebold Incorporated and creator of the
Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he
really knows his stuff. By the way,
2 min
Metasploit
PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3
If you're accepting or processing credit cards and are therefore subject to PCI
DSS, you'll likely be familiar with requirement 11.3, which demands that you
"perform penetration testing at least once a year, and after any significant
infrastructure or application upgrade or modification". What most companies
don't know is that you don't have to hire an external penetration testing
consultant; you can carry out the penetration test internally, provided you
follow some simple rules:
* Sufficie