I’ve been raving about the penetration testing tool Metasploit for a while. With the release of Metasploit Express earlier this year I’m even more pleased with all the efforts HD Moore and his team have put forth. Metasploit Express is a commercial product you’ll have to pay for but to me it’s well worth the investment. It’s easier to use, it has nice reporting and more. All the things we need in today’s world of junk security tools that just don’t deliver.
In the event you haven’t tried it out, here’s a brief walk-through of some of the nice features and capabilities of Metasploit Express.
<-- Once a vulnerability has been exploited and the payload delivered, you can gather evidence as shown here.
<-- Or, you just can just obtain a remote command prompt showing that you've compromised the host.
<-- When all's said and done, you can kill your session, clean up the remnants and be done with it. There are numerous other features within Metasploit Express that allow you to automate host discovery, the exploitation process and so on…just a bit much to cover in one blog post. Perhaps I’ll cover that in detail in my next edition of Hacking For Dummies. 🙂
All in all, Metasploit Express is a security testing tool you shouldn’t be without. It’s a great way to “prove” those security vulnerabilities you discover are indeed a business problem.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”