Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. The platform includes the Metasploit Framework and its commercial counterparts, such as Metasploit Pro. Metasploit increases penetration testers’ productivity, validates vulnerabilities, enables phishing and broader social engineering, and improves security awareness. Metasploit gives you insight that’s backed by a community of well over 200,000 users and contributors: It’s the most impactful penetration testing solution on the planet. With Metasploit you can uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.
- Metasploit Framework
The Metasploit Framework is the foundation on which the commercial products are built. It is an open source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing. Thanks to the open source community and Rapid7’s own hard working content team, new modules are added on a regular basis, which means that the latest exploit is available to you as soon as it’s published.
- Know Your Weak Points
Simulate real-world attacks to find your weak points before a malicious attacker does. Metasploit seamlessly integrates with the open-source Metasploit Framework, giving you access to exploitation and reconnaissance modules to save you effort and accelerate testing. Use attacker techniques to evade antivirus, find weak credentials, and pivot throughout the network.
- Utilize the World’s Largest Code-Reviewed Exploit Database
Leading the Metasploit Framework open-source project gives Rapid7 unique insights into the attacker mindset, current vectors, and methodologies. Rapid7 works with the user community to regularly add new exploits every week, currently amassing more than 2,300 exploits and more than 3,300 modules and payloads.
- Simulate Real-World Attacks Against Your Defenses
Metasploit consistently evades leading antivirus solutions and enables you to efficiently exfiltrate data from compromised machines with over 330 post-exploitation modules. Once one machine is compromised, dig deeper in your network with the Credential Domino MetaModule or easy-to-use VPN pivot, and find out how far an attacker can get.
- Uncover Weak and Reused Credentials
Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit can run brute-force attacks against over 15 account types, including databases, web servers, and remote administration solutions.
- Run Penetration Testing Programs at Scale
Conducting an assessment and managing data in networks with over 100 hosts can be challenging with traditional command line tools. Metasploit scales to support thousands of hosts per project on engagements involving multiple, simultaneous penetration testers. Automate penetration testing steps with Task Chains, Resource Scripts, and MetaModules to improve productivity.
- Test and Infiltrate Users with Sophisticated Social Engineering
Send and track emails to thousands of users with Metasploit Pro’s scalable phishing campaigns. Clone web application login pages with one click to harvest credentials, deliver payloads, and direct security awareness training by measuring conversion rates at each step in the social engineering campaign funnel.
- Complete Compliance Programs Faster
Generate reports to show your findings and sort them by regulations such as PCI DSS and FISMA. Additionally, users can verify that compensating controls implemented to protect systems are operational and effective. How can Metasploit adapt to your organization? Create vulnerability exceptions based on hard evidence that will easily pass your next audit. Even better, automatically record actions and findings from your network and application-layer assessment to save valuable time otherwise spent manually building reports.