Rapid7 Blog

Release Notes  

Weekly Metasploit Wrapup

PowerShell? In my Meterpreter? It's more likely than you think! Hot on the heels of his fantastic Python extension, the legendary OJ Reeves has once again busted out an awesome new ability for post-exploitation, this time by putting a fully functional PowerShell inside your native…

Weekly Metasploit Wrapup

Scanning for the Fortinet backdoor with Metasploit (written by wvu): Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(…

Weekly Metasploit Wrapup

I'm not your mother, clean up after yourself. An old friend of mine, axis2deployer, is a fun authenticated code execution module that takes advantage of Axis2's ability to deploy new applications on a web server. It used to be a messy friend, leaving its files…

Weekly Metasploit Wrapup

Aaaaaand we're back! Last week was the first weekly update of the year and it comes with some super fun stuff. Tunneling: The latest update allows you to tunnel reverse_tcp sessions over a compromised machine in a slightly less painful way. There is now…

Weekly Metasploit Wrapup

Welcome to the last Metasploit update of the year! Since January 1st, 2015, we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and added 323 modules. Thank you all for a great year! We couldn't have done it without you. Sounds: The sounds…

Weekly Metasploit Wrapup

Python extension for Windows Meterpreter: Meterpreter offers some pretty powerful post-exploitation capabilities, from filesystem manipulation to direct Windows API calls with railgun, and everything in between. One thing that's been missing for a long time is on-victim scripting. With this update comes an experimental Python extension…

Weekly Metasploit Wrapup

One of the greatest things about Metasploit is that it supports lots of different protocols and technologies that you would otherwise need a huge menagerie of tools to be able to talk to, an ever-expanding bubble of interoperability that you didn't have to write. Due…

New Metasploit 4.9 Helps Evade Anti-Virus Solutions, Test Network Segmentation, and Increase Productivity for Penetration Testers

Metasploit 4.9 helps penetration testers evade anti-virus solutions, generate payloads, test network segmentation, and generally increase productivity through updated automation and reporting features. Since version 4.8, Metasploit has added 67 new exploits and 51 auxiliary and post-exploitation modules to both its commercial and…

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6. This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel: The most visible…

Metasploit Pro 4.6 Adds OWASP Top 10 2013 and Security Auditing Wizards

Today, we released Metasploit Pro 4.6, which brings you some awesome new features for your enterprise security program. Updated Web Application Security Testing with Support for OWASP Top 10 2013: Web applications are gaining more and more traction, both through internally developed applications and…

Metasploit 4.6.0 Released!

We just released Metasploit 4.6.0, so applying this week's update will get you the brand new version. While Chris has a delightful blog post of what all is new in Metasploit Pro, let's take a look at what's exciting and new between Metasploit…

Weekly Metasploit Update: Browser Autopwn 0-day, ICMP Exfiltration, LM Downgrading, and Reporting Speedups

Today marks the first Metasploit update of the new year, and it's been a little while since the last, so there's a bumper crop of new modules; eighteen to be precise. Internet Explorer 0-day and Browser Autopwn: While we didn't ship an update over the holidays,…

Significantly Enhanced, yet Simplified Reporting

The new year is just around the corner and the Internet has been available to users for almost two decades now. We have had user experiences that have pushed the boundaries with software, touchscreen devices and mobile applications. We are now witnessing radical changes in…

Security Configuration assessment capabilities that meet your needs with Nexpose 5.4

A great-looking new feature has been added to our configuration assessment component in Nexpose 5.4: the ability to customize policies to meet your unique contextual needs, i.e., needs that are specific to your environment. You are now going to be able to copy a…

New Metasploit 4.4: Risk Validation for Vulnerability Management with Nexpose, Improved AV Evasion, and Faster UI

Fresh out of the oven and in time for Black Hat Las Vegas, we present to you the new Metasploit 4.4 with these great new features: Focus Your Remediation Efforts: Metasploit Risk Validation for Nexpose Vulnerability Management. You may have been in this situation: your…
