http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222000147 By Kelly Jackson Higgins DarkReading Dec 01, 2009 A new version Metasploit released today includes integrated vulnerability scanning for the popular open source penetration testing tool. Rapid7, which recently purchased Metasploit, today announced both the new version of Metasploit, 3.3.1, as well as a new free version of Rapid7's NeXpose vulnerability scanner. The NeXpose Community Edition is basically a slimmed-down version of the company's enterprise-class scanner that's limited in the number of IP's it can scan. The free NeXpose version is integrated with Metasploit 3.3.1 with a plug-in to the Metasploit console. "This integration is the first to actually run the [vulnerability] scan and do the import of the data for you," says HD Moore, chief security officer for Rapid7 and creator of Metasploit. It lets the penetration tester run the scan, import the data, and automatically run exploits against the vulnerabilities, he says. "This is the first step in the integration" of Metasploit and the NeXpose vulnerability scanning platform, Moore says. The tools work together from the Metasploit console with a command-line plug-in: the penetration tester loads Metasploit, connects to NeXpose, and runs the scan from there. The scan data is then brought in to Metasploit and cross-referenced with Metasploit's modules, which then are automatically launched to test out the vulnerabilities, he says. "The whole process is from the Metasploit console," he says. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Wed Dec 02 2009 - 22:43:29 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 02 2009 - 22:54:04 PST