Rapid7 released Metasploit Pro which improves the efficiency of penetration testers by providing unrestricted remote network access and enabling teams to collaborate efficiently.
It exceeds the functionality of Metasploit Express with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.
Scans and exploits Web applications. Metasploit Pro enables you to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.
Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.
Achieves unprecedented network access. Metasploit Pro is the world’s only penetration testing solution to achieve unrestricted remote network access through a compromised host. Unlike alternative products, which provide proxy-based pivoting that is restricted to certain protocols, Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.
Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.