#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Metasploit | Breaking Cybersecurity News | The Hacker News

Metasploit Community Edition - Advance penetration testing tool by Rapid7

Metasploit Community Edition - Advance penetration testing tool by Rapid7

Oct 19, 2011
Metasploit Community Edition - Advance penetration testing tool by Rapid7 Open-source penetration testing "Metasploit Framework" Rapid7 a project funded by the U.S. on October 18 (U.S. time), and penetration testing tools platform to Metasploit Framework "Metasploit Community Edition" was released. Available for free download from its Web site. According to Rapid7 Chief Security Officer and Metasploit Creator HD Moore, " The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors. " Community Editioin is based on the Metasploit Framework, a combination of the basic user interface available in commercial versions. Using penetration testing exploit basic, GUI simple, that provides entry-level modules such as a browser. You can verify any exploitable vulnerabilities, that can streamline vulnerability management and data protection. Can also import third-par
Metasploit 3.5.1 adds Cisco device exploitation !

Metasploit 3.5.1 adds Cisco device exploitation !

Dec 18, 2010
Metasploit now enables security professionals to exploit Cisco devices, performs passive reconnaissance through traffic analysis, provides more exploits and evaluates an organization's password security by brute forcing an ever increasing range of services. This latest release adds stealth features, exposing common flaws in IDS and IPS, and anti-virus threat detection. Team leaders may now impose network range restrictions on projects and limit access to specific team members. Adding to its social engineering capabilities, Metasploit can also now attach malicious files to emails, for example PDF and MP3 files that can take control of a user's machine. The highlights of Metasploit version 3.5.1 are: Gain access to Cisco devices. Metasploit now automatically exploits authentication bypass flaws if present and can brute force access through Telnet, Secure Shell, HTTP and SNMP protocols. After successful exploitation, Metasploit downloads configuration files and autom
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
SecurityTube Metasploit Framework Expert Certification Launched !

SecurityTube Metasploit Framework Expert Certification Launched !

Nov 24, 2011
SecurityTube Metasploit Framework Expert Certification Launched ! Not so long ago, we had posted the launch of the SecurityTube Wi-Fi Security Expert (SWSE) program. The certification has been a success and it has students from over 25+ countries from around the world. The SecurityTube Metasploit Framework Expert (SMFE) is an online certification on the Metasploit Framework. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios. A brief list of topics to be covered in this course includes: Metasploit Basics and Framework Organization Server and Client Side Exploitation Meterpreter - Extensions and Scripting Database Integration and Automated Exploitation Pos
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!

Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules!

Feb 24, 2012
Metasploit Framework 4.2.0 : IPv6, VMware, and Tons of Modules! Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.  Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit's existing arsenal of payloads has been updated to support IPv6 as well. With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided by open source community contributors. These scripts demonstrate the power of Metasploit's extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. Download Metasploit Framework 4.2.0  and Re
Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation

Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation

Jul 27, 2011
Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation Rapid7 launched Metasploit Pro 4.0, a penetration testing solution that provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface. This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful. The new capabilities in Metasploit Pro 4.0 now enable defenders to: Integrate security risk intelligence Integrate Metasploit Pro with your security information and event management (SIEM) system to improve your dashboard information Import
Metasploit Framework 3.7.0 Released !

Metasploit Framework 3.7.0 Released !

May 04, 2011
Metasploit Framework 3.7.0 Released ! The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database. This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant i
Metasploit Framework v3.5.2 latest version download !

Metasploit Framework v3.5.2 latest version download !

Feb 11, 2011
Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2! "The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task." This is the detailed release log: Statistics: * Metasploit now ships with 644 exploit modules and 330 auxiliary modules. * 39 new modules and payloads have been added since the last point release. * 58 tickets were resolved and 331 commits were made since the last point release. New Modules: New Exploits and Auxiliaries: * Apache Tomcat Transfer-Encoding Information Disclosure and DoS * Microsoft IIS FTP Server Encoded Response Overflow Trigger * Apache HTTPD mod_negotiation Filename Bruter * Apache HTTPD mod_negotiatio
Armitage Update : Graphical cyber attack management tool for Metasploit

Armitage Update : Graphical cyber attack management tool for Metasploit

Feb 15, 2012
Armitage Update : Graphical cyber attack management tool for Metasploit Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. Armitage Changelog 14/Feb/12 - Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature. - Several cosmetic tweaks to the spacing in Armitage tables. - Moved table render code from Sleep to Java to avoid potential lock conflicts - Added support for vba-exe payload output type. - Payload generation dialog now sets more appropriate default options for the vba output type when it is selected. - Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All - Fixed ExitOnSession
Metasploit Framework v3.5.1 Updated Version Download !

Metasploit Framework v3.5.1 Updated Version Download !

Dec 17, 2010
Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit version 3.5.1 ! "The Metasploit Framework is a penetration testing toolkit, exploit development platform , and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task." This is the release log: Statistics : Metasploit now ships with 635 exploit modules and 313 auxiliary modules. 47 new modules have been added since the last point release. 45 tickets were closed and 573 commits were made since the last point release Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (~500K lines of Ruby) New Modules : New Exploits and Auxiliaries Cisco Device HTTP Device Manager Access Cisco IOS HTTP Unauthorized Administrative Access Cisco I
Social-Engineer Toolkit v1.0 - Latest Version Download

Social-Engineer Toolkit v1.0 - Latest Version Download

Nov 07, 2010
The Social Engineer Toolkit (SET) has been updated to version 1.0! We wrote about the Social Engineer's Toolkit in our old post here. This release is called the Devolution Release.     "The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed." This is the huge changelog for this version:     * Added the new set-automate functionality which will allow you to use SET answer files to automate setting up the toolkit     * Added bridge mode to Ettercap if you want to utilize that capability within Ettercap     * Fixed an issue where multiple meterpreter shells would spawn on a website with multiple HEAD sections in the HTML site     * Added the Metasploit Browser Autopwn functionality into the Metasploit Attack Vector section     * Fixed th
Armitage : Cyber Attack Management for Metasploit tool !

Armitage : Cyber Attack Management for Metasploit tool !

Nov 29, 2010
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework . Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help us. Changelog: - start msf button now kills msfrpcd session if db_connect fails - set default database options to mysql with BackTrack 4 R2 settings . - Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used - Added ability to set up a multi/handler from Payload launch dialog Prerequisites to install Armitage. Armitage has the following prerequisites: - Java 1.6.0+ - Metasploit 3.5+ - A database and the information to connect to it Examples ./msfrpcd -f -U msf -P test -t Basic Once you have a database, navigate to the folder containing the Armitage
New Metasploit 3.6 Targets Security Compliance !

New Metasploit 3.6 Targets Security Compliance !

Mar 09, 2011
Security vulnerability testing is getting a boost this week with the release of Metasploit 3.6. Metasploit Pro, the commercial version of the product, now includes new PCI compliance reporting capabilities. There is also a new Project Activity Report, which helps organization manage and track penetration testing activities. While there have been improvements to the commercial tool, open source users also benefit from some of the work done on Metasploit Pro 3.6 "The work behind the Pro Console actually resulted in major usability improvements to the standard Metasploit Framework console," said HD Moore, chief security officer at Rapid7 and Metasploit's chief architect. "All 64 of the new modules (including 15 exploits) are available in the open source version as well as the commercial products."
Metasploit website Hacked just by sending a spoofed DNS change request via Fax to Domain Registrar

Metasploit website Hacked just by sending a spoofed DNS change request via Fax to Domain Registrar

Oct 11, 2013
A group of Pro-Palestine hackers ' KDMS Team ' today has been able to hijack the Metasploit website simply by sending a fax and hijacked their DNS records. Rapid7 is a leading Security Company and Creator of world's best penetration testing software called ' Metasploit '. The company confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com . The group came to prominence earlier this week when it managed to hijack the websites of popular messaging service WhatsApp and anti-virus company AVG among others. On the website, the hacker posted " Hello Metasploit.  After Whatsapp , Avira, Alexa , AVG and other sites. We were thinking about quitting hacking and disappear again! But we said: there is some sites must be hacked. You are one of our targets. Therefore we are here. And there is another thing do you know Palestine? " Rapid7 official statement regarding the in
Metasploit Framework 3.7.2 Released - Download

Metasploit Framework 3.7.2 Released - Download

Jun 21, 2011
Metasploit Framework 3.7.2 Released - Download  Metasploit Framework 3.7.2 includes 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules.This release addresses several issues with updating the framework, adds 11 exploit / auxiliary modules and brings a plethora of new features. Modules included are listed below. Notable modules include the Cisco Anyconnect ActiveX bug (which works against recent versions of the Cisco AnyConnect Windows Client), and the SCADA modules by sinn3r and MC. The multi-platform post-exploitation work continues with new modules for Linux and Solaris included in this release thanks to Carlos Perez. A number of password-stealing post modules are also included, courtesy of David Maloney. The updates to the signed_java_applet module are documented on the Metasploit Blog. Additionally, the cachedump module has been improved and merged thanks to great work by Mubix. New features are equal
Metasploit Framework 3.6.0 Released !

Metasploit Framework 3.6.0 Released !

Mar 07, 2011
In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f
5 Cybersecurity Tools Every Business Needs to Know

5 Cybersecurity Tools Every Business Needs to Know

May 23, 2019
Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data breaches targeting large enterprises that resulted in the theft of the personal and financial records of millions of customers. Falling victim to cyber attacks can deal with a major financial blow to businesses as the cost of dealing with an attack has risen to $1.1 million on the average. It can even be more devastating for small to medium-sized businesses. 60 percent of these smaller operations close within six months after failing to recover from cyber attacks. But aside from these monetary costs, companies can also lose credibility and their customers' confidence. Needless to say, businesses must improve the protection of their infrastructures
Armitage 07.12.11 - Updated Version

Armitage 07.12.11 - Updated Version

Jul 15, 2011
Armitage 07.12.11 - Updated Version Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you. This is the official change log : Fixed a race condition causing some file browser actions to fail on Windows hosts at times. Files downloaded through file browser are now archived in: [host]Downloads Hail Mary output nows goes to [log dir]allhailmary.log Added Crack Passwords button to Credentials tab. This opens the launcher for John the Ripper: auxiliary/analyze/jtr_crack_fast Added Post Modules item to Meterpreter N -> Explore and Shell N menus. This menu item will show applicable post-exploitation modules in the module browser. Loot browser now
Cortana scripting language introduced for Cobalt Strike and Armitage

Cortana scripting language introduced for Cobalt Strike and Armitage

Aug 07, 2012
At DEFCON 20, Raphael Mudge the developer of Armitage released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in acollaborative hacking engagement. Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he even invented a grammar checker that was sold to Automattic.  Raphael talk about Cortana scripting language for Cobalt Strike and Armitage. Cortana allows you to write scripts that automate red team tasks and extend Armitage and Cobalt Strike with new features. This technology was funded byDARPA's Cyber Fast Track program and it's now open source . Armitage a red team collaboration tool built on the Metasploit Framework. Cobalt Strike is Armitage's commercial b
Metasploit Framework 3.7.1 Released !

Metasploit Framework 3.7.1 Released !

May 17, 2011
Metasploit Framework 3.7.1 Released ! Statistics Metasploit now ships with 687 exploit modules, 357 auxiliary modules, and 39 post modules. 2 new exploits and 2 new auxiliary modules have been added since the last release. Highlights & New Features This release address a performance issue with HTTP Services and adds a few modules. In addition, a bug in the Windows auto-update task has been corrected, along with minor changes to the Windows installer. New Modules VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow ICONICS WebHMI ActiveX Buffer Overflow SPlayer 3.7 Content-Type Buffer Overflow OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit ARP Spoof Download Metasploit Framework 3.7.1
Arachni v0.2.1 - penetration testers Framework - latest release

Arachni v0.2.1 - penetration testers Framework - latest release

Nov 26, 2010
"Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications." This is the official change log : Major performance improvements Major system refactoring and code clean-up Major module API refactoring providing even more flexibility regarding element auditing and manipulation Integration with the Metasploit Framework via: ( New ) ArachniMetareport , an Arachni report specifically designed to provide WebApp context to the Metasploit framework. Arachni plug-in for the Metasploit framework, used to load the ArachniMetareport in order to provide advanced automated and manual exploitation of WebApp vulnerabilities. Advanced generic WebApp exploit modules for the Metasploit framework, utilized either manually or automatically by the Arachni MSF plug-in. Improved Blind SQL Injection module, significantly less requests per audit. XMLRPC server ( New ) XMLRPC C
Cybersecurity Resources