Metasploit

The Metasploit Framework is the world’s most popular open source exploit development and penetration testing platform.

Metasploit is the community's de facto exploit development framework and is backed by the world’s largest public exploit database. As project sponsor, Rapid7's Metasploit team along with the open source community are continuously expanding the exploit library and creating a broader platform with publicly available exploits, thus helping organizations to stay ahead of the changing threat landscape by providing the same information behind some of today's malicious attacks. Rapid7 is committed to making Metasploit the best security and penetration testing platform in the world.

The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. Metasploit enables you to:

• Distinguish real threats from false positives to speed and simplify remediation efforts
• Clearly prioritize penetration tests based on automated vulnerability scans
• Pinpoint exploitable vulnerabilities in networks, operating systems, Web applications and databases
• Easily add additional and custom exploits that can be integrated into penetration tests in real-time
• Leverage the open source community by having access to the world’s largest public exploit database
• Implement security best practices for mission critical systems

Key features

An encyclopedia of Exploits

As an open source product,Metasploit provides the world’s largest database of publicly available exploits, covering over 400 unique CVEs. Overall, Metaploit covers a wide range of targets with more than 440 exploits, 215 auxiliary modules and hundreds of payloads.

Broad Platform Support

The Metasploit Framework is supported on all modern operating systems, including 32-bit and 64-bit versions of Windows®, Linux and Mac OS® X. The framework also runs on a wide variety of devices, from the Apple® iPhone™ to IBM mainframes.

A Community of Thousands

Free Download: as an open source product, Metasploit is available for free download. Since 2003, the Metasploit Project has focused on sharing security information and developing cutting-edge security open source products. Community contributors provide critical contributions to risk prevention research and technology. As a result of being developed by the community, Metasploit is best equipped to rapidly respond to the fast changing threat landscape, ensuring organizations can reliably and quickly determine if their businesses are at risk. Metasploit's Wiki and mailing list provide a way to gain direct access to both the Metasploit staff as well as the broader security community, meaning security threats are addressed fast by security novices to penetration testing experts using Metasploit to constantly keep the business community in lockstep with the threat space.

Open Source but Backed by a Commercial Provider

As project sponsor, Rapid7 is committed to keeping the framework and tools open source. Through the backing of Rapid7, the Metasploit project has significantly increased the number of dedicated resources on the project, added research, development, QA and support capabilities and accelerated the overall growth of the project. Metasploit and Rapid7 NeXpose together provide the best of both penetration testing and vulnerability management solutions, paving the way to deliver unique capabilities that vastly improve how security flaws are managed.

Integrated with Vulnerability Management Solutions

The direct integration of Metasploit with all editions of Rapid7 NeXpose enables penetration testers to correlate information on vulnerabilities and exploits. Without having to leave the Metasploit user interface, users can kick off vulnerability scans and import vulnerability information after a completed scan to provide a baseline of relevant information in mirroring potential threats. By leveraging the insight gained from automated vulnerability information, users can execute fast, precise and highly targeted exploits in contrast to traditional labor intensive, manual methods. Additionally, since Metasploit is open source, security analysts and penetration testers can easily create and modify exploits in real-time vs. waiting for them to be created by a third-party, increasing the efficiency and value of the testing process.