Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release:
“Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit exists, users can right-click to launch Metasploit (3.6.0 or higher) directly from the scanner to perform a penetration test against the targeted host.”
Thanks for thinking about the workflow of a typical security assessment eEye! I honestly don’t know why it has taken vulnerability scanner vendors so long to get this. I’m convinced that some are completely unaware that such features would be of value.
So….a tip to other vulnerability scanning vendors out there: Think about how your scanners work through the eyes of security professionals. What are the pain points? What are the inefficiencies and hurdles to do basic tasks? All you have to do is ask people like myself. I’m often willing and able to share many such frustrations and advice. 😉
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”