Metasploit has changed the way of Penetration testing it provides complete automatic environment to attack, finding vulnerability and their exploits. As discuss before the advantages of automated penetration testing, for automated test metasploit is the best tool. You can find the complete description with basic usage of metasploit here.
The newer version of metasploit is version 4 that will release very soon so in this article i will try to discuss the features of metasploit 4.
According to the official blog the new version contain 36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules. The new version also contain the exploits for browsers like Firefox and Internet explorer, improved 64-bit Linux payload. Some more features are:
- Increased exploitation speed
- Updated social engineering campaigns, including the ability to clone existing websites and edit HTML in a rich editor
- Updated user interface to simplify managing large projects
- Easily re-run tasks that have been aborted by the user
- Global settings for configuring NeXpose scan engines, macros, and API keys
The new version will provides the advance option for import different scan results from third party web application scanners and vulnerability assessment tools. If you want to import result of nessus into metasploit than follow the link to learn.
The metasploit 4 also provides offline password cracking function, for this purpose metasploit will use john the ripper for cracking weak passwords. You can even Integrate Metasploit Pro with your Security Information and Event Management (SIEM).
There are various ways to deploy metasploit like you can now deploy Metasploit as a VMware image using VMware vSphere. Session establishment is not a big problem now, Meterpreter now supports persistent agents and listeners so that the target machine actively re-establishes a session when it drops. Agents automatically expire after a pre-configured amount of time.
No comments:
Post a Comment