Written by Jeromie Jackson. Published on Wednesday, 21 October 2009 17:05. Last updated on Wednesday, 21 October 2009 17:37.
Metasploit is the de facto standard among open-source penetration testing frameworks. Testers typically use a vulnerability assessment utility, such as Rapid7's commercial Nexpose tool and/or Nessus, to identify vulnerabilities present within the environment. Once the vulnerabilities are validated, the next step is to actively exploit them. Historically this was generally done with custom-coded exploits written in C, Perl, Python, etc. Metasploit provides a framework that contains exploit code along with various payloads you can deliver to the target. The included payloads provide functions such as running a command on the remote machine, opening a remote command-line interface, adding a user to the Administrator group, and other such nefarious activities, including an encrypted remote shell to ensure communications are not monitored.
Rapid7 Nexpose is a leading commercial vulnerability assessment/management utility. I personally use it when conducting penetration tests, vulnerability assessments, and also as part of my web assessments. Fast, clean, and strong reporting.