Friday, October 21, 2011

Metasploit Community Edition - Advance penetration testing tool by Rapid7



Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 (U.S. time), and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released. Available for free download from its Web site.

According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, "The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors."

Community Editioin is based on the Metasploit Framework, a combination of the basic user interface available in commercial versions. Using penetration testing exploit basic, GUI simple, that provides entry-level modules such as a browser. You can verify any exploitable vulnerabilities, that can streamline vulnerability management and data protection. Can also import third-party vulnerability scanning reports.

The Community edition sports a version of the slick interface that the commercial version of Metasploit uses, making it easier for everyone to use the very popular pen test tool. The Community edition is free and HD Moore, founder of Metasploit says it will always be free, but it is not open sourced. The Metasploit framework which powers both the community and commercial versions is open source and Moore says that will also always be the case.


The capabilities of Metasploit Community include:
  • A simple graphical user interface, which makes it much easier to get started with vulnerability verification and security assessments than command-line based alternatives.
  • Network discovery, enabling users to map their networks by identifying hosts, scanning for open ports and fingerprinting their operating systems and services.
  • Integration with vulnerability scanners, so scan data from Rapid7 Nexpose, Nmap and a dozen other solutions can be imported directly into Metasploit Community. Nexpose scans can also be initiated and sites imported directly from within Metasploit Community.
  • Basic exploitation, enabling users to verify which vulnerabilities are actually exploitable and must be remediated - and which ones don't. This increases productivity and reduces the cost of a vulnerability management program and helps prevent data breaches.
  • Module browser, leveraging the world's largest database of quality-assured exploits so users can easily find the right exploit. Each module includes a reliability ranking, indicating its typical success rate and impact on the target system.
  • Security and IT professionals can easily upgrade from Metasploit Community to Metasploit Pro, continuing to work with the familiar interface on the existing installation. Metasploit Pro adds more powerful capabilities, including smart exploitation, password auditing, Web application scanning, post-exploitation, social engineering, team collaboration, comprehensive reporting and enterprise-level support.
  • More details about the Community Edition can be found in a post on the Rapid7 Community blog. Metasploit Community Edition is available to download from the Rapid7 web site. The open source version of Metasploit is released under a three-clause BSD licence.

3 comments: