Metasploit v.3.6.0 Released (Enhanced command-line options & PCI reports)

 

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

 

All Metasploit editions are seeing an update to version 3.6 today, including an enhanced command-line feature set for increased proficiency and detailed PCI reports with pass/fail information for a comprehensive view of compliance posture with PCI regulations.
This release adds 15 new exploits for a total of 64 new modules since version 3.5.1. All editions of Metasploit now include Post Exploitation modules that provide local exploits and additional data gathering capabilities. Metasploit Express and Metasploit Pro users benefit from the Project Activity Report and Global Search capabilities now available in the user interface. Metasploit Pro users now have access to the new Pro Console, PCI Report, and Asset Tagging features. The full release notes for the open source framework can be found online.

Here’s an overview of what’s new:

Metasploit Pro Console

The new Metasploit Pro Console offers powerful new features that help professional penetration testers complete their job more efficiently in their preferred environment – whether it be command line or a graphical user interface.

    Metasploit Pro Console – Only available in Metasploit Pro, this console is for penetration testers who have become highly accustomed to the easy-to-use command-line interface of the Metasploit Framework, but also require the powerful automation capabilities of Metasploit Pro. With the addition of advanced network discovery, automated exploitation, evidence collection, smart brute forcing, and reporting capabilities to the existing features of the Metasploit Console, the results are immediately visible through the standard Web interface, allowing collaboration between team members using a mix of GUI and Console interfaces.

    PCI Reporting – A feature only available in Metasploit Pro, which generates reports for PCI DSS compliance with pass/fail information for applicable PCI DSS requirements. The PCI standard requires both vulnerability management (11.2) and penetration tests (11.3); therefore, to facilitate compliance with requirement 11.3, Metasploit Pro now includes a detailed, actionable report on an organization’s security posture regarding requirements two, six and eight, which include password and secure systems maintenance. In addition, organizations can leverage Rapid7’s vulnerability management solution NeXpose® to comply with requirement 11.2.

    Project Activity Report – A feature found in Metasploit Pro and Metasploit Express, organizations can now create a PDF report on the exact tests they run at the technical level. This enables clients of a penetration testing firm to retrace the steps that led to a successful assignment.

    Asset Tagging – An advanced feature of Metasploit Pro that allows users to freely assign tags to assets based on multiple criteria such as compliance, operation workflow and team collaboration on different operational units. Tags may be used to classify assets and document security findings, with direct integration into the reporting engine. This facilitates improved project management and reporting, in particular for large penetration testing engagements.

    Global Search – Found in Metasploit Pro and Metasploit Express, global search benefits users working on teams across various projects, with the ability to now search for tags, host names, IP addresses and annotations across projects and team members. This advanced search makes it easier to find information from previous projects or from other team members.

    Post-Exploitation Modules – This feature, found in all Metasploit editions, includes more than a dozen modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges. New post-exploitation modules can be quickly added by Rapid7 as part of the weekly product update. In addition, Metasploit Pro and Metasploit Express provide the ability to run post-exploitation modules on multiple systems simultaneously.

    More exploits and auxilary modules – Since version 3.5.1, 14 exploits and 48 additional modules have been added to the Metasploit Framework, Metasploit Express and Metasploit Pro.

    If you haven’t tried Metasploit Pro yet, get your free, fully featured Metasploit Pro trial.

    NJ Ouchn

    "Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
    Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

    Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

    GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

    GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

    Black Hat Arsenal 2024 Next Stop Singapore !

    Black Hat Arsenal 2024 Next Stop Singapore !

    ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

    ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

    Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

    Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

    Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

    Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community