Test your network to uncover exploitable security gaps with Metasploit

Knowing your opponents' moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 open-source contributors, gives you that insight and lets you safely test your defenses. Metasploit Pro’s built-in automation speeds common penetration testing routines and provides advanced evasion techniques which result in faster engagements and clearer reporting on the results. End-to-end phishing campaigns allow you to safely test user behavior with analytics to tell you who fell for the bait. Plus, you can view campaign results in Rapid7 UserInsight for a more complete view of user risk. Integration with Nexpose further validates vulnerabilities and prioritizes action plans. With an average of 1.2 exploits added each day, Metasploit allows you to stay ahead of the attacker.

Get a clear view of how your network can be exploited, so you can focus your efforts and back up your action plan. Metasploit can help you to:

Safely simulate attacks on your network to uncover pressing security issues with the industry’s most complete set of exploits.
Further assess and validate vulnerabilities in your environment.
Verify your defenses, security controls, and mitigation efforts with advanced evasion techniques, testing for weak credentials, and the ability to manage penetration tests at scale.
Manage phishing exposure through testing both user awareness and technical controls.

Are you using Metasploit Express and wondering what Metasploit Pro could do for you? This document outlines the most important differences between Metasploit Pro and Metasploit Express. In general terms, Metasploit Pro is a fully-featured security solution for security programs and advanced penetration tests in mid-sized and enterprise security teams. By contrast, Metasploit Express is the low-cost, entry-level edition with a limited feature set.

Prefer a table-formatted comparison? Go here.

The following features are exclusive to Metasploit Pro and not included in Metasploit Express:

Security Auditing Wizards

No matter if you're a veteran penetration tester or new to the game, you'll likely have more projects than you have time on your schedule. Metasploit Pro's Security Auditing Wizards walk the user through the steps of a typical engagement. Seasoned penetration testers will find that the wizards shortcut the first steps of an engagements, making them more productive. For new Metasploit Pro users, the new wizards provide a great way to easily conduct baseline assessments to find low-hanging fruit.

Simplify and Operationalize Security Testing

Even when offensive security techniques have been publicly discussed at conferences and proof of concept code or open source tools are available, using them in your projects can be very time consuming and may even require custom development. Simplify and operationalize security testing with Metasploit Pro's MetaModules, which automate common yet complicated security tests that provide under-resourced security departments a more efficient way to get the job done. MetaModules cover tasks for penetration testing, such as passive network discovery, and security controls testing, such as firewall egress testing.

VPN pivoting

Metasploit’s regular proxy pivoting is useful to exploit another host once you have gained a first session in an organization through social engineering or exploiting an Internet-facing server. However, it’s proxy-based interface makes it very challenging to run reconnaissance on the network.

By contrast, VPN pivoting lets you run any network-based tools through a compromised host, such as vulnerability scanners or even your own custom tools. It creates an encrypted layer 2 tunnel into the compromised machine and routes any network traffic through that target machine. This grants you full network access as if you were on the local network – without a perimeter firewall to block your traffic.

Team Collaboration

When working in a red team, it can be hard to keep track of information and share it with the team, resulting in low productivity and missed opportunities to penetrate the target.

Metasploit Pro manages all of the data in a penetration test and makes it available instantly to all team members, such as discovered hosts, notes, and credentials. Credentials captured by one team member instantly become available for other members for iterative attacks, greatly increasing the speed of a large-scale penetration test. With team collaboration, you can mentor junior team members and oversee their work on a project, reducing the cost of the engagement and enabling training on the job.

At the end of the engagement, the results of all team members are included in the final reports – no collating necessary.

PCI DSS and FISMA Reporting

Writing reports is a time-consuming cut-and-paste chore at the end of every engagement, outlining which machines were compromised, showing the evidence, and how the results map to compliance requirements.

While Metasploit Express includes basic reporting, Metasploit Pro adds two valuable reports that map the findings to the requirements of both PCI DSS and FISMA.

Web app scanning

With web apps becoming more and more crucial to the enterprise (and more and more complex), Metasploit Pro provides the intelligence you need to stay ahead of the game. Our automated web scanning module allows you to discover URL’s, crawl for vulnerabilities, and exploit – all at the touch of a button. Target your remediation efforts by testing which

SQL injection or cross-site scripting attacks are successful. Prove where you are vulnerable with Metasploit Pro and lock the barn door before the horses get out.

Metasploit Pro covers Open Web Application Security Project (OWASP) Top 10 2013. The list identifies ten of the most critical risks relating to web applications. Due to the popularity of, and increasing reliance on, web applications, they are involved in the majority of breaches. Metasploit addresses this, enabling organizations to audit the security of their web-based applications, whether they be out of the box or custom, on-premise or in the cloud. This helps security professionals identify issues before a malicious attacker does. Learn more about what's new in our OWASP Top 10 2013 webcast.

SQL injections are among the top reasons of compromise for web applications, posing a huge risk to confidential data. Most SQL injection attacks give you access to the data in the database; Metasploit Pro's new SQL injection attacks go beyond this, giving penetration testers a session on the machine, which is equivalent to having administrative rights on the machine. This gives the penetration tester not only access to the database but also to other information on the machine, and opens the door to pivot to other machines.

Finding vulnerabilities is great, but the goal is to eliminate them. The remediation advice provided in Metasploit's reports should serve as a valuable basis for discussions with internal developers and external SaaS application providers.

Social engineering: Managing User Risk

When it comes to phishing, you are only as secure as your most naïve user. With enterprises spending big money on training and malware prevention, it is more important than ever to know who is leaving you vulnerable.

With Metasploit Pro, you can find out whether your security awareness, vulnerability and patch management programs are hitting the spot. Send out phishing emails to your users to measure how many users:

Opened the email
Clicked on the link
Submitted a web form
Used an exploitable browser

If your user awareness metrics are cause for concern, additional training may be in order. Send users directly to an on-demand course after they click on a phishing link, or sign them up later. Measure the effectiveness of your security awareness trainings by measuring the phishing email click-through rate before and after the training. Adjust your training content or delivery method if the trainings don't show the results you were hoping for.To improve system security, review your vulnerability management and patching programs, or tweak browser security settings.

Enhanced command-line console

Everyone has a preference, and you've got yours. Our penetration testing software allows you to choose your favorite user interface - web-based or command-line - or mix it up!New to Metasploit? Use the web-based interface to reduce the need for training, and get the job done faster.Metasploit veteran? Use the advanced CLI functionality of Metasploit Pro to get access to new, high-level commands, better manage your data and generate a single report for all activities.

Integration and Automation

Many drive-by attacks have become automated, so security professionals are at a disadvantage if they don't follow suit. With Metasploit Pro you can become more productive using the following ways to automate and integrate:

Metasploit Pro API: Build your own automation from from scratch, integrate with GRC and SIEM solutions, as well as custom vulnerability management tools while getting all that Metasploit Pro has to offer. Our integrations and feature set are improving every day, but don’t let us hold you back!
Task chains: Set up custom workflows without having to write a single line of code. Task chains can be scheduled to run manually, one, or at scheduled intervals. Complete simple tasks or entire penetration tests, and have the reports sent to you by email after the workflow has completed.

Vulnerability Verification

The relationship between security and IT teams can be, shall we say, complicated. Vulnerability reports may list a potential vulnerability that is not exploitable in your environment. The IT operations team needs to know that you’re giving them meaningful, accurate information – every time.

Metasploit gives you the ability to validate results from your vulnerability scanner. Exploitable vulnerabilities can be highlighted and are put on the top of the list. Non-exploitable vulnerabilities can be downgraded in importance or excluded if the compensating controls have proven to be effective.

While Metasploit Express can import and validate the results of a number of third-party scanners, Metasploit Pro offers additional benefits when used with Nexpose. After the vulnerability verification, Metasploit can report results back into the Nexpose vulnerability management solution, ensuring a closed-loop security program and smoother interaction with IT operations.

Post-Exploitation Macros and Persistent Sessions

Your social engineering campaign or server exploit was successful – but you've gone out for lunch? Metasploit Pro post-exploitation macros save you time and increase your productivity by automatically launching post-exploitation measure when Metasploit compromises a host. Actions include collecting passwords, taking screenshots, and installing keyloggers.

You'll also want to protect yourself from losing a hard-earned session. With Metasploit Pro, persistent sessions ensure that the target connects back after the network connection is lost - even after a reboot. To ensure that your engagement does not leave behind an artifact that could later be exploited, you can specify a timeout for the persistent agent to self-destruct.

Tagging Hosts

Managing your target assets and organizing your work is time consuming and maintaining a spreadsheet of IP addresses isn’t the most efficient or secure tactic. Metasploit Pro keeps track of all hosts and enables you to tag hosts to assign hosts to a person, mark the scope of a project, or flag high-value targets. Hosts can also be tagged by source (from Nexpose, internal scan, list from IT). Tags also serve as references for later actions; for example, if you've marked certain hosts with the "pci" tag, you can then start a smart exploitation action on these machines simply by entering #pci into the hosts field.

Metasploit Express

For security professionals in enterprises and government agencies.

$5,000* Buy New License

$1,750* Extend License

Mobilisafe

For organizations seeking to manage the risk associated with mobile devices.

$24# Annual License

$3# Monthly License

Top Features Overview: Free vs. Commercial Metasploit Editions

Feature	Details	Metasploit Framework	Metasploit Community	Metasploit Express	Metasploit Pro
License	Use one of several editions. Commercial licenses are annual named-user licenses with unlimited installs per user.	Free	Free	$5,000	Call
Quick Start Wizards	Conduct baseline penetration tests to find low-hanging fruit, web app tests, or phishing campaigns. Shortcut the first steps of an engagements and go deeper after the Wizard completes.				Y
Smart Exploitation	Have Metasploit auto-select all exploits that match fingerprinted devices and services. Select a minimum reliability ranking for safe testing. Supports dry-run to see which exploits would be run before launching them.			Y	Y
Credentials Bruteforcing	Try out the most common or previously captured passwords on more than a dozen service types with one command. Password hashes can be automatically cracked if based on weak passwords or used in pass-the-hash attacks.			Y	Y
MetaModules	MetaModules simplify and operationalize security testing for IT security professionals. Many security testing techniques are either based on cumbersome tools or require custom development, making them expensive to use. To expedite this testing, MetaModules automate common yet complicated security tests that provide under-resourced security departments a more efficient way to get the job done.				Y
Closed-loop Risk Validation	Verify vulnerabilities and misconfigurations to prioritize risks and return the results into Nexpose				Y
Web App Testing	Scan, audit and exploit web applications for vulnerabilities, including the OWASP Top 10 2013.				Y
Social Engineering	For Penetration testers: Send out phishing emails containing attachments or links to websites hosting exploits or fake login forms. Create USB flash drives with malicious files to compromise a machine. For security programs: Send out simulated phishing emails to measure user awareness, including how many people clicked on a link in an email or entered credentials on a fake login page, and deliver training to users who've shown risky behavior.				Y
Pro Console	Advanced command-line functionality of Metasploit Pro to get access to new, high-level commands, better manage your data and generate a single report for all activities, increasing your overall productivity.				Y
Reporting	Create basic penetration testing reports without cutting and pasting information, including audit reports and compromised hosts reports. Pro Edition only: Create reports for web application testing and social engineering campaigns as well as compliance reports that map findings to PCI DSS or FISMA requirements.			(Y)	Y
Advanced Anti-virus Evasion	Use advanced anti-virus evasion techniques, such as custom executable templates, to ensure that your payload does not get stopped by anti-virus solutions on the target host.				Y
VPN Pivoting	Get full layer-2 network access through a compromised host, enabling you to use any network-based tool through a compromised host, e.g. a vulnerability scanner, to get more visibility and use advanced techniques.				Y

Detailed Metasploit Editions Comparison Table

Feature	Details	Metasploit Framework	Metasploit Community	Metasploit Express	Metasploit Pro
Pricing
License	Use one of several editions. Commercial licenses are annual named-user licenses with unlimited installs per user.	Free	Free	$5,000	Call
User Interface
Web-based User Interface	User-friendly web-based user interface that increases productivity and reduces training needs.		Y	Y	Y
Command-Line Interface	Basic command-line interface, most prominently used in Metasploit Framework.	Y			Y
Pro Console	Advanced command-line functionality of Metasploit Pro to get access to new, high-level commands, better manage your data and generate a single report for all activities, increasing your overall productivity.				Y
Penetration Testing
Comprehensive Exploit Coverage	Metasploit includes the world's largest public collection of quality-assured exploits.	Y	Y	Y	Y
Manual Exploitation	Select a single exploit to launch against a single host.	Y	Y	Y	Y
Basic Exploitation	Select a single exploit to launch against any number of hosts in your environment.		Y	Y	Y
Smart Exploitation	Have Metasploit auto-select all exploits that match fingerprinted devices and services. Select a minimum reliability ranking for safe testing. Supports dry-run to see which exploits would be run before launching them.			Y	Y
Exploitation Chaining	Automatically combine several exploits and auxiliary modules, e.g. to compromise Cisco routers				Y
Evidence Collection	Collect evidence of compromise with one button, including screenshots, passwords and hashes, and system info			Y	Y
Post-exploitation Macros	Automatically launch a customized set of post-exploitation modules after successfully compromising a machine, e.g. to automatically collect evidence from hosts.				Y
Persistent Sessions	Re-establish a session after a connection gets interrupted, e.g. because of a phished user who closes his laptop.				Y
Bruteforcing Credentials	Try out the most common or previously captured passwords on more than a dozen service types with one command. Password hashes can be automatically cracked if based on weak passwords or used in pass-the-hash attacks.			Y	Y
Social Engineering	Send out phishing emails containing attachments or links to websites hosting exploits or fake login forms. Create USB flash drives with malicious files to compromise a machine.				Y
Web App Testing	Scan, audit and exploit web applications for vulnerabilities, including the OWASP Top 10 2013.				Y
IDS/IPS Evasion	Get to the target without being detected through IDS/IPS evasion				Y
Advanced Anti-virus Evasion	Use advanced anti-virus evasion techniques, such as custom executable templates, to ensure that your payload does not get stopped by anti-virus solutions on the target host.				Y
Proxy Pivoting	Use a compromised machine to launch an exploit against another target.	Y	Y	Y	Y
VPN Pivoting	Get full layer-2 network access through a compromised host, enabling you to use any network-based tool through a compromised host, e.g. a vulnerability scanner, to get more visibility and use advanced techniques.				Y
Reporting
Basic Reporting	Create basic penetration testing reports without cutting and pasting information, including audit reports and compromised hosts reports.			Y	Y
Replay Scripts	Generate scripts that replay an attack so that your customers can test if remediation worked.			Y	Y
Advanced Reporting	Create reports for web application testing and social engineering campaigns as well as compliance reports that map findings to PCI DSS or FISMA requirements.				Y
Productivity Enhancements
Quick Start Wizards	Conduct baseline penetration tests to find low-hanging fruit, web app tests, or phishing campaigns. Shortcut the first steps of an engagements and go deeper after the Wizard completes.				Y
MetaModules	MetaModules simplify and operationalize security testing for IT security professionals. Many security testing techniques are either based on cumbersome tools or require custom development, making them expensive to use. To expedite this testing, MetaModules automate common yet complicated security tests that provide under-resourced security departments a more efficient way to get the job done.				Y
Discovery Scans	Leverage the integrated nmap scanner in combination with advanced fingerprinting techniques to map out the network and identify devices		Y	Y	Y
Data Management	Track all discovered and found data in a searchable database. Find outliers through the Grouped View.		Y	Y	Y
Tagging	Tag hosts to assign hosts to mark an import source, a person, mark the scope of a project, or flag high-value targets. Use tags to refer back to hosts in later actions.				Y
Task Chains	Create custom workflows to start manually, schedule once or on an ongoing basis.				Y
Pro API	Use an advanced, fully documented API to integrate Metasploit Pro into SIEM and GRC solutions or create custom automations and integrations.				Y
Integrations	Integrate out-of-the-box with GRC and SIEM solutions				Y
Team Collaboration	Work on the same project with several team members, splitting the workload and leveraging different levels of expertise and specialization. Share all information and create a unified report.				Y
Security Programs
Closed-loop Risk Validation	Verify vulnerabilities and misconfigurations to prioritize risks and return the results into Nexpose				Y
Managing Phishing Exposure	Send out simulated phishing emails to measure user awareness, including how many people clicked on a link in an email or entered credentials on a fake login page, and deliver training to users who've shown risky behavior.				Y
Vulnerability Verification
Vulnerability import	Import output files from Nexpose and third-party vulnerability scanners	Y	Y	Y	Y
Web vulnerability import	Import output files from various third-party web application scanners			Y	Y
Nexpose scans	Start a Nexpose scan from within the interface. Results are automatically imported to Metasploit.		Y	Y	Y
Direct Import	Directly import existing Nexpose scans by site.				Y
Vulnerability exceptions	Push vulnerability exceptions back into Nexpose after verification, including comments and expiration date of how long vulnerability should be suppressed from Nexpose reports.			Y	Y
Closed-loop Integration	Tag and push exploitable vulnerabilities back to Nexpose for follow-up.				Y
Re-run Session	Re-run an exploit to validate that a remediation effort, e.g. patch or compensating control, is successful.			Y	Y
Support
Community Support	Get peer support through Rapid7 Security Street	Y	Y	Y	Y
Rapid7 Support	Get Rapid7 24/7 email and phone support			Y	Y

Download Metasploit (Trial):
Windows: http://downloads.metasploit.com/data/releases/metasploit-latest-windows-installer.exe
Linux 64 bit: http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
Linux 32 bit: http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run

License Key Nexpose Community Edition:
DZRX-3QH0-JR3Z-5JBG
SR85-61T5-JVJ8-YHJM

IT dan Security Audit

Rabu, 26 Februari 2014

Download Metasploit