There are a lot of different points of entry and attack in a modern enterprise IT network environment.
In an effort to help test and identify security weakness, security vendor Rapid 7 this week released Metasploit 4.0 advancing both the commercial and open source version of their penetration testing framework. Metasploit 4.0 marks a significant shift over the Metasploit 3.x branch that first debuted back in March of 2007.
HD Moore, Rapid7’s chief security officer and Metasploit chief architect explained to InternetNews.com that the use case for Metasploit has moved from a thin launcher around the exploit repository to an all-in-one penetration testing toolkit.
“The 4.0 release brings the framework to a database-centric model where all security information is stored within projects and the framework is focused on organizing system information as well as exploiting vulnerabilities,” Moore said. “This release adds support for importing data from a multitude of other security products, exporting data in a documented XML format, and integrating with other applications through a brand new remote API.”