All Posts

4 min Metasploit

Six Ways to Automate Metasploit

Onward Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul of our development process. Our primary goals were to accelerate community collaboration and better define the scopes of our open source projects. The first step was to migrate all open source development to GitHub. This has resulted in a flood of contributors and lots of greatnew features and content. One controversial change involved removing old, buggy automation tools that simply didn't meet the quality

4 min

Vendor Security

I'd like to share our experiences with vendor security since I'm sure it's something that impacts all of us. Like every company, Rapid7 relies on a number of technology vendors for a huge range of products and services to run the business. I'm sure no one will be surprised to hear that as a security company we have a policy specifying the security requirements that our vendors need to meet before we'll do business with them. Our view is that their security directly impacts any of our internal or

8 min Metasploit

Recon, Wireless, and Password Cracking

The Metasploit Framework continues to grow and expand with the support of the community. There have been many new features added to the Metasploit Framework over the past month. I am very excited to be able to share some of these new developments with you. Mubix's Recon Modules Mubix's post-exploitation modules form his Derbycon talk are now in the repository. The resolve_hostname module, originally called 'Dig', will take a given hostname and resolve the IP address for that host from the windo

1 min Metasploit

Adding Custom Wordlists in Metasploit for Brute Force Password Audits

In any penetration test that involves brute forcing passwords, you may want to increase your chances of a successful password audit by adding custom wordlists specific to the organization that hired you. Some examples: * If you are security testing a hospital, you may want to add a dictionary with medical terms. * If you're testing a German organization, users are likely to use German passwords, so you should add a German wordlist. * Another good idea is to build a custom wordlist b

0 min Metasploit

Metasploit and PTES

One of our Metasploit contributers, Brandon Perry , has put together a document detailing the recently released Penetration Testing Execution Standard (PTES) with the modules and functionality in the Framework. PTES is a push from a group of testers fed up with the lack of guidance and the disparate sources of basic penetration testing information. Brandon's document does a great job detailing disparate par

3 min Release Notes

Exploit for Critical Java Vulnerability Added to Metasploit

@_sinn3r and Juan Vasquez recently released a module which exploits the Java vulnerability detailed here by mihi and by Brian Krebs here . This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri

1 min Metasploit

Three Great New Metasploit Books

I've seen three great Metasploit books published lately. The one that most people are probably already familiar with is Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni. The book is very comprehensive, and packed full of great advice. David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools, so he really knows his stuff. By the way,

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

1 min

Boston Globe Selects Rapid7 as a Top Place to Work

On Sunday the Boston Globe published its annual “Top Places to Work” rankings. This was our first time participating in the list and I'm very proud to report that Rapid7 placed #11 in the category for employers with less than 250 employees. I'd like to congratulate our amazing team, not just those in Boston, but the entire Rapid7 family. The passion and commitment of our team is evident across all our locations, with everyone contributing to the culture that makes us successful. Congratulations

3 min

The Advanced Policy Engine

The Advanced Policy Engine is the new configuration compliance framework that was created for the Nexpose 5.0 release. Advanced? What makes it advanced? Anyone can call anything "Advanced" these days. A lot of times it is hard to tell if it is just marketing or a real improvement. Look at all of the cleaning ads on television right now. "Cleaner X cleans 30% then the our previous cleaner using our new Advanced formula!!!" Is it really improved? How did they measure the i

0 min Metasploit

Metasploit Framework Featured on CNN: Phishing Made Simple

While browsing security related articles at CNN, I noticed this video of Eric Fiterman demonstrating a phishing attack and some post exploitation techniques with Metasploit Framework. Video courtesy of:

2 min Metasploit

PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3

If you're accepting or processing credit cards and are therefore subject to PCI DSS, you'll likely be familiar with requirement 11.3, which demands that you "perform penetration testing at least once a year, and after any significant infrastructure or application upgrade or modification". What most companies don't know is that you don't have to hire an external penetration testing consultant - you can carry out the penetration test internally, providing you follow some simple rules: * Sufficie

3 min Nexpose

Introducing Metasploit Community Edition!

The two-year anniversary of the Metasploit acquisition is coming up this week. Over the last two years we added a ridiculous amount of new code to the open source project, shipped dozens of new releases, and launched two commercial products. We could not have done this without the full support of the security community. In return, we wanted to share some of our commercial work with the security community at large. As of version 4.1 , we now include the Metasploit

2 min Patch Tuesday

October 2011 Patch Tuesday

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'. In terms of prioritizing patching, when I look at security vulnerabilities, first I want to understand which ones can have the most widespread impact. MS11-081is a cumulative update which affects Internet Explorer, so it relates to both corporate and home users. These v

15 min Metasploit

MonaSploit

Introduction “Standalone exploits suck”. egyp7 and bannedit made this statement earlier this year at Bsides Vegas, and nullthreat & yours truly elaborated on this even more during our talk at Derbycon 2011. There are many reasons why writing Metasploit exploit modules and submitting them to the Metasploit framework is a good idea. You're not only going to help the