Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Open Source  

Introducing RubySMB: The Protocol Library Nobody Else Wanted To Write

The Server Message Block (SMB) protocol family is arguably one of the most important network protocols to be conversant in as a security professional. It carries the capability for File and Print Sharing, remote process execution, and an entire system of Named Pipes that serve…

Metasploit Framework Open Source Installers

Rapid7 has long supplied universal Metasploit installers for Linux and Windows. These installers contain both the open source Metasploit Framework as well as commercial extensions, which include a graphical user interface, metamodules, wizards, social engineering tools and integration with other Rapid7 tools. While these features…

12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog

This post is the tenth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014.The Metasploit Framework uses operating system and service fingerprints for automatic…

12 Days of HaXmas: Metasploit Yearly Wrapup

This post is the seventh in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements and events in the Metasploit Framework over the course of 2014. Since today happens to be the last day of the year,…

Metasploit Weekly Update: On Breaking (and Fixing!) Security Software

Attacking Security InfrastructureThis week, one module stands out for me: the Symantec Endpoint Protection Manager Remote Command Execution by xistence, who built on the proof-of-concept code from Chris Graham, who turned that out after Stefan Viehbock's disclosure from last week. You can read the full…

Weekly Update: OpSec in Open Source Projects

The weekly Metasploit update is out, and I wanted to highlight three modules that landed in the last week, all of which target open source software. It's easy to drink the FOSS Kool-Aid, and talk about how it's more inherently secure than secret source software,…

SecureNinjaTV Interview: Tod Beardsley About Metasploit 10th Anniversary

At Black Hat 2013 in Vegas this year, our very own Tod Beardsley was cornered by SecureNinja TV and social engineered into giving an interview. Here is the result - captured for eternity:…

Security Death Match: Open Source vs. Pay-for-Play Exploit Packs

In the blue corner: an open-source exploit pack. In the red corner: a pay-for-play incumbent. As a security professional trying to defend your enterprise against attacks, which corner do you bet on for your penetration tests?What's the goal of the game? Okay, this is…

Webcast: Playing in the Sandbox - Open Source Tools for Threat Intelligence

If you missed last week's webcast in the Life's a Breach series, I have good news for you: The recording is now available. In this webcast, Claudio Guarnieri, security researcher with Rapid7 and creator of Cuckoo Sandbox, shows what we can learn from analyzing malware…

Magnificent7 Update - Submission Deadline

Back in August, we announced th at Rapid7 is committing $100,000 to support up to seven Open Source projects in 2012: the Magnificent7. So far we have received some really great proposals, and some requests for more time from some interesting projects, so this…

Being Agile within an Open Source project

When I started to work at Rapid7 almost a year and a half ago, one of the first things I thought about was: "How can w3af benefit from all the methodologies, tools and ideas that Rapid7 uses to create NeXpose?", and without using too many…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More