Metasploit Project Releases Update to Security Testing Framework

A new version of Metasploit is out just weeks after the testing framework was acquired by Rapid7.

Fresh off its acquisition by Rapid7, the Metasploit Project has released an updated version of its penetration testing framework that includes more than 440 exploits and hundreds of payloads.

Rapid7 acquired Metasploit last month to add to the company's testing capabilities. Nick Selby, managing director at security firm and consultancy Trident Risk Management, said the acquisition changes the calculus in the industry somewhat, and may force rival firms such as Core Security and Immunity to make changes to products and pricing.

"Core and Immunity both have built-in scanning capabilities as well as partnerships with vulnerability scanners, such as those from Tenable and Qualys," he told eWEEK. "If Rapid7 can truly integrate Metasploit it may be able to enjoy some advantages over its competitors' partnership strategies."

In this latest release, version 3.3, Metasploit features 215 auxiliary modules as well as an in-memory VNC service and the Meterpreter. In addition, Windows payloads now support NX, DEP, IPv6 and the Windows 7 operating system. Support for advanced payload masking has also been included in order to help penetration testers using social engineering techniques.

The latest version of the Metasploit Framework is supported on multiple operating systems, including 32-bit and 64-bit versions of Windows, Linux and Mac OS X. The framework also runs on devices such as the Apple iPhone and IBM mainframes.

This release also supports Ruby 1.9.1, and makes Oracle databases a target with the addition of pre-authentication, post-authentication and SQL injection modules, according to Rapid7.

"The Metasploit community has worked hard over the last 12 months to build a penetration testing platform with unique features and unmatched flexibility" said HD Moore, chief architect of Metasploit and chief security officer at Rapid7, in a statement. "I'm confident that Metasploit users will immediately benefit from the new capabilities of the framework and I look forward to raising the bar even further in the coming months."