
Originally Posted by hdm



Today, as Rapid7 announced the sponsorship of a second open source project with its support of w3af, I reflect back on my experience with Rapid7 over the last 9 months. When I agreed to the acquisition of the Metasploit project by Rapid7 in October last year it was with a lot of excitement but also with a small leap of faith. In my initial blog post from October 2009 after the acquisition I spoke about "demonstrating that we mean what we say". I spoke about how Rapid7’s resources would help us hammer out Metasploit Framework releases, with better quality assurance, fewer bugs, more exploits, and faster development cycles. In April, we increased the stakes and promised software that would simplify and automate the penetration testing tasks that you do on a daily basis.


How have we done?


Looking back, I’m glad to see that we seem to have achieved these goals. The Metasploit Framework has been integrated in the Rapid7 development process, leading to the improvements the Metasploit community is experiencing today. The Metasploit Framework remains open source.


Since October 2009, the Metasploit team and Rapid7 have released six versions of the Metasploit Framework, culminating with Metasploit 3.4.1. The Metasploit Framework has added 247 new exploit modules and 184 new auxiliary modules since the acquisition. In the first half of 2010, the Metasploit Framework was downloaded or updated by more than 740,000 unique individuals, an increase of over 91 percent compared to the second half of 2009.


In addition, we launched Metasploit Express, a commercial, enterprise-grade product that makes penetration testing easy and scalable.


It seems this experiment was successful. That’s why I was thrilled to hear this news:


"Andres Riancho joined Rapid7 to launch its global Center of Excellence for Web Security. Andres is the founder of the open-source w3af project, an extensible Web Application Attack and Audit Framework that finds and exploits web application vulnerabilities".


Why is this great news?


Because Rapid7 is committed to the w3af project, sponsoring its continued open source development and "buying in" by looking at integration with their existing commercial offerings.


This is another proof point that open source can succeed, both as a development model, and a business model, with the right configuration. While the Metasploit project was acquired by Rapid7, the w3af project remains independent but sponsored by Rapid7. I am excited to see what other collaborative models the future brings.


If you are currently thinking about launching your own open-source project, let me encourage you. It is a great way to build innovative technology and to contribute to the community. And don’t worry – once the project grows to become too successful for you to do as a hobby, there are many models for you to get the help you need. Metasploit and w3af are just two examples.

Originally Posted by HD Moore



Metasploit Express 3.4.1 was released on July 15th, 2010. This release adds 16 new exploits, an overhauled module browser, island-hopping support, brute force support for FTP and HTTPS, enhanced import and export functionality, and improvements to the online update system, including support for HTTP proxies. This release fixes over 100 bugs. Full details of this release can be found in the online release notes. Existing customers can download the new release from the Rapid7 Customer Center. We also offer free trial evaluations.


The screenshot below highlights the new session option for island-hopping:


Originally Posted by egypt



The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1.  As always, you can get it from our downloads page, for Windows or Linux.  This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month.  Rest assured that more is in store for Meterpreter on other platforms.  A new extension called Railgun is now integrated into Meterpreter courtesy of Patrick HVE, giving you scriptable access to Windows APIs and an unprecedented amount of control over post-exploitation.  For those of you wishing to contribute to the framework, a new file called HACKING has been introduced that lays out a few guidelines for making it easier.


This release has 16 new exploits, 22 new auxiliary modules and 11 new Meterpreter scripts for your pwning enjoyment.  For more in-depth information about this release, see the 3.4.1 release notes.
