Metasploit Pro 4.0 released

Rapid7 launched Metasploit Pro 4.0, a penetration testing solution that provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface.

This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful.

“Organizations looking to reduce data breach risks need smarter and more efficient security risk intelligence. One way to get this is through frequent, broad-scale penetration testing,” said HD Moore, Rapid7’s CSO and Metasploit chief architect. “The new features of Metasploit Pro 4.0 make this a practical reality for defenders by automating penetration testing workflow steps, better integrating with vulnerability management solutions and introducing new interfaces for SIEM systems.”

The new capabilities in Metasploit Pro 4.0 now enable defenders to:

Integrate security risk intelligence

• Integrate Metasploit Pro with your security information and event management (SIEM) system to improve your dashboard information
• Import scan results from more than a dozen third-party Web application scanners and vulnerability assessment tools to prioritize vulnerabilities and eliminate false positives
• Increase productivity in your security team by integrating Metasploit Pro with NeXpose vulnerability management solutions to directly access vulnerabilities that need to be verified
• Automate verification of vulnerabilities and reporting through new programming interface and XML results
• Document compliance with FISMA reports that map findings to controls and requirements.

Deploy in a way that works for you

• Install on Windows, Ubuntu, or Red Hat Enterprise Linux
• Provision a VMware image to your data centers with VMware vSphere
• Host an Amazon Machine Image (AMI) in Amazon Elastic Compute Cloud (Amazon EC2).

Automate penetration testing steps

• Automatically gather evidence with customizable post-exploitation macros
• Re-establish dropped shells with persistent sessions and listeners
• Replay previously successful attacks to verify remediation
• Easily crack encrypted passwords offline
• Remotely control Metasploit Pro through a programming Interface (RPC API)
• Pull penetration testing reports from Metasploit Pro in an XML format.