Rapid7 Launches New Metasploit Community Edition for Free and Simple Vulnerability Verification

Building on Metasploit Framework, New Solution Provides Streamlined User Interface for Network Discovery, Module Browsing and Manual Exploitation

BOSTON--Rapid7, the leading provider of security risk intelligence solutions, today announced the launch of Metasploit® Community Edition: a new free addition to the Metasploit family of software solutions, which help security and IT professionals identify and understand real security threats. Available today, Metasploit Community combines the open source Metasploit® Framework with a basic version of the robust commercial user interface available in Metasploit® Pro to provide an entry-level response to the evolving threat landscape. The solution offers a simplified approach to vulnerability verification and penetration testing, enabling organizations of any size to begin the process of understanding and addressing their security posture without the need for deep technical knowledge.

“It is critical for organizations to gain insight into the worsening threat landscape and how it relates to their assets; however, the cost, complexity and resources involved to gauge said threats frequently prevent IT from taking the required actions,” said Andrew Hay, Senior Security Analyst, Enterprise Security Practice, The 451 Group. “Products like Metasploit Community Edition can help cash-strapped IT and security professionals get a handle on their security posture without requiring penetration testing expertise or previous development experience.”

Cyber criminals are successful in breaching networks of enterprises and government agencies every day, creating huge security concerns and compliance issues. Penetration testing is a critical step in assessing the risk posture of the IT infrastructure by complementing vulnerability scans to identify gaps, verify known vulnerabilities for prioritization and decrease false positives, and ensure proper remediation. Metasploit Community makes security assessments more accessible to individual and commercial users through an intuitive interface that offers simplified network discovery and vulnerability verification for specific exploits. This increases the effectiveness of vulnerability scanners such as Nexpose to provide true security risk intelligence.

“The best way to tackle the increasing information security challenge is to share knowledge between practitioners, open source projects and commercial vendors,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “With that in mind, we’ve combined the Metasploit Framework with Rapid7’s commercial development to bring together the best of both worlds – the collaboration of security researchers around the world with quality-tested and stable commercial features. The new Metasploit Community Edition will greatly help security professionals seeking to understand risk and improve their security programs without needing to increase budgets.”

The capabilities of Metasploit Community include:

  • A simple graphical user interface, which makes it much easier to get started with vulnerability verification and security assessments than command-line based alternatives.
  • Network discovery, enabling users to map their networks by identifying hosts, scanning for open ports and fingerprinting their operating systems and services.
  • Integration with vulnerability scanners, so scan data from Rapid7 Nexpose, Nmap and a dozen other solutions can be imported directly into Metasploit Community. Nexpose scans can also be initiated and sites imported directly from within Metasploit Community.
  • Basic exploitation, enabling users to verify which vulnerabilities are actually exploitable and must be remediated – and which are not. This increases productivity, reduces the cost of a vulnerability management program and helps prevent data breaches.
  • Module browser, leveraging the world’s largest database of quality-assured exploits so users can easily find the right exploit. Each module includes a reliability ranking, indicating its typical success rate and impact on the target system.

Metasploit Community leverages the open source Metasploit Framework, the largest collection of quality-assured exploits, with over one million downloads per year. With Metasploit Community, Rapid7 is introducing one consolidated installer for all Metasploit editions, including Metasploit Framework. The Metasploit Framework itself will continue to be free and open source.

The launch of Metasploit Community coincides with the second anniversary of Rapid7’s acquisition of the Metasploit project. During this period, Rapid7 has invested heavily in supporting the open source Metasploit Framework, growing the code base by 156%. The addition of Metasploit Community is Rapid7’s latest step in supporting the information security community.

“Metasploit Framework users fall into two camps: first, there are security researchers and developers who want a powerful platform to build custom tools and processes. The command-line interface works very well for them today, and we continue to invest in this interface. Second, Metasploit Framework is used by security and IT professionals to verify vulnerabilities and to conduct security assessments. For this group of users, the command-line console may not be the best fit. Metasploit Community Edition provides a much more accessible solution for this group – for free,” added Moore.

Security and IT professionals can easily upgrade from Metasploit Community to Metasploit Pro, continuing to work with the familiar interface on the existing installation. Metasploit Pro adds more powerful capabilities, including smart exploitation, password auditing, Web application scanning, post-exploitation, social engineering, team collaboration, comprehensive reporting and enterprise-level support.

To learn more about Metasploit or download Metasploit Community, visit www.rapid7.com/metasploit. To see a demonstration, please sign up for the Metasploit webinar “What's new with Metasploit? HD Moore's Personal Tour of the Next Product Version” by visiting http://www.rapid7.com/resources/webcast_metasploit41.jsp.

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies worldwide by Inc. Magazine and is backed by Bain Capital Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

About Metasploit

A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments, providing true security risk intelligence. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. Metasploit editions range from a free edition to professional enterprise editions, all based on the Metasploit Framework, an open source software development kit with the world's largest, public collection of quality-assured exploits. To learn more about Metasploit or for a free trial, visit www.rapid7.com/metasploit.


SHIFT Communications for Rapid7
Amanda Munroe, 617-779-1816

