AOH :: ISNQ5702.HTM

Metasploit Gets New Vulnerabilty Scanning Features




Metasploit Gets New Vulnerabilty Scanning Features
Metasploit Gets New Vulnerabilty Scanning Features



http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222000147 

By Kelly Jackson Higgins
DarkReading
Dec 01, 2009 

A new version Metasploit released today includes integrated 
vulnerability scanning for the popular open source penetration testing 
tool.

Rapid7, which recently purchased Metasploit, today announced both the 
new version of Metasploit, 3.3.1, as well as a new free version of 
Rapid7's NeXpose vulnerability scanner. The NeXpose Community Edition is 
basically a slimmed-down version of the company's enterprise-class 
scanner that's limited in the number of IP's it can scan.

The free NeXpose version is integrated with Metasploit 3.3.1 with a 
plug-in to the Metasploit console. "This integration is the first to 
actually run the [vulnerability] scan and do the import of the data for 
you," says HD Moore, chief security officer for Rapid7 and creator of 
Metasploit. It lets the penetration tester run the scan, import the 
data, and automatically run exploits against the vulnerabilities, he 
says.

"This is the first step in the integration" of Metasploit and the 
NeXpose vulnerability scanning platform, Moore says. The tools work 
together from the Metasploit console with a command-line plug-in: the 
penetration tester loads Metasploit, connects to NeXpose, and runs the 
scan from there. The scan data is then brought in to Metasploit and 
cross-referenced with Metasploit's modules, which then are automatically 
launched to test out the vulnerabilities, he says. "The whole process is 
from the Metasploit console," he says.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods