Tuesday, October 19, 2010

Rapid7 Introduces Metasploit Pro - The World’s First Penetration Testing Solution That Achieves Unrestricted Remote Network Access Through Firewalls

Rapid7®, the leading provider of unified vulnerability management and penetration testingsolutions, today announced the availability of Metasploit Pro™, the new software for security professionals in enterprises, government agencies and consulting firms who need to make network security testing more efficient to reduce costs. Unlike alternative products, Metasploit Pro improves the efficiency of penetration testers by providing unrestricted remote network access and enabling teams to collaborate efficiently. Metasploit Pro exceeds the functionality of Metasploit Express™ with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.
“Enabling penetration testers to share findings and notes definitely helps keep everyone in synch and productivity moving. It’s also a great time saver at the end of an assignment because you can create a single report including everyone’s findings at the push of a button.”
“Metasploit Pro completes our suite of penetration testing products and addresses the needs of the penetration testing expert who requires advanced features,” said Mike Tuchen, Rapid7 president and CEO. “We built Metasploit Pro with the same intuitive interface and efficient workflows of Metasploit Express and added advanced features that enable penetration testers to compromise networks deeper and faster. As a result, they can complete their security testing in less time, greatly reducing the overall impact on security budgets.”
The Metasploit® Framework is the most widely used and mature solution in the market with more than one million unique downloads in the past year and the world’s largest, public database for quality assured exploits. As organizations face increasing threats to complex, business-critical systems, the ability to simulate realistic attacks on their infrastructure in a fast and cost-effective manner is critical. Only Metasploit products are based on the Metasploit Framework, the gold standard for penetration testing, and are therefore best suited to emulate realistic attacks.
To efficiently ensure the highest possible security of their IT infrastructure, enterprises need to prioritize the mitigation of vulnerabilities. Metasploit is the world’s only penetration testing solution that directly launches NeXpose® vulnerability scans to verify vulnerabilities. Based on this enterprise risk scoring, organizations can make informed decisions about which vulnerabilities should be addressed first.
“We’ve been thrilled with all the capabilities of Metasploit Express and were excited to try the advanced features of the new Metasploit Pro, especially team collaboration,” says Jim O'Gorman, security systems specialist at Continuum Worldwide, a leading independent provider of business assurance solutions and a Rapid7 customer. “Enabling penetration testers to share findings and notes definitely helps keep everyone in synch and productivity moving. It’s also a great time saver at the end of an assignment because you can create a single report including everyone’s findings at the push of a button.”
Metasploit Pro:
  • Scans and exploits Web applications. Metasploit Pro enables you to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.
  • Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.
  • Achieves unprecedented network access. Metasploit Pro is the world’s only penetration testing solution to achieve unrestricted remote network access through a compromised host. Unlike alternative products, which provide proxy-based pivoting that is restricted to certain protocols, Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.
  • Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.
“I firmly believe that Metasploit Pro combines best-of-breed tools in a sane, easy-to-use format, enabling us to do our job quickly and thoroughly,” says Joshua Brashars, senior security consultant at AppSec Consulting, an information security firm and a Rapid7 consulting partner. “With Metasploit Pro, my team can maximize the efficiency of our penetration tests while minimizing the number of tools we require. Metasploit Pro combines the power of the Metasploit Framework with a simple-to-use interface that allows us to hit the ground running.”
“With Metasploit Pro, we’ve delivered a solution for penetration testers who love the workflow of Metasploit Express but needed to go even further with their security assessments,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “Rapid7 is uniquely positioned to offer a multi-tiered product that solves the real-world challenges of hundreds of thousands of security professionals and researchers. And, as a result of our success with commercial products, we’re able to drive higher quality, additional features and faster exploit development in the free, open-source framework, giving directly back to the community that sustains us.”
Pricing and Availability
Metasploit Pro is available immediately for $15,000 per named user, per year and includes support with dedicated SLAs provided by Rapid7 staff. To learn more, visit http://www.rapid7.com/products/metasploit-pro.jsp.
To download a fully featured trial version, visit http://www.rapid7.com/downloads/metasploit-pro.jsp.

Source : http://eon.businesswire.com/news/eon/20101019006738/en/Rapid7-Introduces-Metasploit-Pro---World%E2%80%99s-Penetration

My New tutorial on Advanced HOST URL redirection