Loading...
Wednesday, July 18, 2012

Metasploit Framework 4.4! released

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

The Metasploit Framework 4.4 has had 101 modules added since Metasploit 4.3: 68 exploits, 22 auxiliary modules, 9 post modules, 1 payload, and 1 encoder.

Official change log for Metasploit Framework 4.4:

Metasploit Risk Validation for Nexpose Vulnerability Management: By integrating Metasploit Pro with Nexpose for risk validation, you can now prioritize the critical vulnerabilities that pose a real risk, fixing them before it’s too late. Now you can focus your efforts on what matters. Specifically, Metasploit Framework now tightly integrates with Nexpose by:


Importing rich vulnerability data from Nexpose scans, sites, and XML
Automatically validating the exploitability of many high-risk vulnerabilities
Providing a simplified process to spot-check individual vulnerabilities
Pushing granular exploit results back to Nexpose via Vulnerability Exceptions
Pushing device classifications back to Nexpose Asset Groups via Metasploit Tags
Enhancing Metasploit reports with detailed Nexpose scan data

Security professionals benefit from the integration in the following ways:
Quickly identify high-risk vulnerabilities not protected by compensating controls
Measure the effectiveness of defensive solutions designed to mitigate vulnerabilities
Increase credibility and reduce friction between IT operations and security teams

Improved AV Evasion: Over the years the Metasploit Framework payloads have gotten higher and higher detection rates. This is especially true when an actual executable binary has to land on the target system, such as in the case of the psexec module. Rapid7 have recently set out to respond back to the AV vendors to once again challenge them to step up their game while we enable our team to slip past defenses yet again. This updated, shinier Metasploit Framework version comes with a “DynamicExe option” that can be launched to bypass anti virus detection. Very useful while targetting with the psexec module or the Metasploit Pro Bruteforce module. This feature will be improved upon over the coming weeks!

Speedy UI, Even Under Heavy Load: The Metasploit Framework user interface now responds much faster, even when handling tens of thousands of hosts!

New Auxiliary and Exploit Modules: As usual, the big point releases cater more to the commercial Metasploit users while our regular weekly updates provide value to our open source community. Since Metasploit Framework 4.3 was last released on April 24, 101 new modules were added to Metasploit: 68 exploits, 22 auxiliary modules, 9 post modules, 1 payload, and 1 encoder. All of these are also available in the free Metasploit Community Edition and in the open source Metasploit Framework, which were both updated with this release.

So you see, Metasploit Pro now features enhanced vulnerability verification, extended anti-virus evasion techniques for compromised hosts, and an array of back-end performance enhancements. Notable new modules that have been added since Metasploit Framework 4.3 include include modules for auditing CCTV systems, Windows PowerShell post modules, fuzzed Citrix opcode exploits, a MySQL authentication bypass, a Microsoft XML Core Services exploit, a Windows Group Policy Preference password-gathering post module, a F5 BIG-IP known public key authenticator, and many, many more.

In addition, Metasploit’s Meterpreter has also seen significant improvements with this release, with a new encrypted Java Meterpreter, extended sniffing capabilities, and VC 2010 compatibility for Windows Meterpreter.


Download Metasploit Framework:
Metasploit Framework version 4.4 –
metasploit-latest-windows-installer.exe
metasploit-latest-linux-x64-installer.run
Download other versions -
http://www.metasploit.com/download/

Visit website -
http://www.metasploit.com/

Previous post regarding metasploit -
http://santoshdudhade.blogspot.in/2012/04/metasploit.html




0 comments:

Post a Comment

 
TOP