Metasploit 5.0: Knowledge is power, especially when it is shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just check for vulnerabilities, manage security assessments, and improve security awareness; empowers and gun defenders to always stay a step (or two) ahead of the game.
DESCRIPTION
Rapid7 announced the release of Metasploit 5.0, the new version includes several important new features and the company believes it will be easier to use and more powerful.
Metasploit is the most widely used penetration testing framework and has over 1500 modules that offer functionalities that cover every phase of a penetration test, making the life of a penetration tester comparatively easier.
Major changes introduced in Metasploit 5.0 include new databases and automation APIs, evasion modules and libraries, language support, improved performance.
Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it’s in the process of letting third-party developers know that Metasploit 5.0 is stable: Linux distributions like Kali and ParrotSec ship with Metasploit.
Changes in Metasploit 5.0
Metasploit 5.0 brings many new features, including new database and automation APIs, circumvention modules and libraries, language support, improved performance, and ease of use.
The following is a high-level overview of the features and capabilities of Metasploit 5.0.
New features
- Metasploit users can now run the PostgreSQL database itself as a REST service, allowing multiple Metasploit consoles and external tools to interact with it.
- Parallel database processing and regular msfconsole operations improve performance by offloading some bulk operations to the database service.
- A JSON-RPC API allows users to integrate Metasploit with additional tools and languages.
- This release adds a common web services framework to expose both the database and automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to get these new services up and running here.
- Adds the evasion module type and libraries to allow users to generate evasive payloads without having to install external tools. Read the research behind evasion modules here. The first Rapid7 evasion modules are here.
- The metashell feature allows users to run sessions in the background and interact with shell sessions without the need to upgrade to a Meterpreter session.
- External modules add Metasploit support for Python and Go in addition to Ruby.
- Any module can point to multiple hosts by setting RHOSTS to a range of IP addresses, or by referencing a hosts file with the file:// option. Metasploit now treats RHOST and RHOSTS as identical options.
- An updated lookup mechanism improves the startup time of the Framework and removes the dependency on the database.
What is Metasploit Pro?
Metasploit Pro is the commercially supported edition of Metasploit, the world’s leading penetration testing solution, and is designed for advanced penetration testing and enterprise security programs. Metasploit allows you to test your defenses by safely simulating attacks on your network to uncover security issues.
What is better than Metasploit?
We’ve compiled a list of solutions that reviewers voted as the best overall Metasploit alternatives and competitors, including Acunetix Vulnerability Scanner, Netsparker, SQLmap, and Veracode Application Security Platform. …
Is Metasploit a virus?
Metasploit is a hacking tool. These tools, while not viruses by nature, are considered dangerous to attack victims.
Why is Metasploit used?
The Metasploit framework is a very powerful tool that can be used by cybercriminals and ethical hackers to investigate systematic vulnerabilities in networks and servers. Because it is an open source framework, it can be easily customized and used with most operating systems.
Is metasploit dangerous?
Metasploit, like any other software, can present vulnerabilities as a result of the underlying components that make it work, the database listener and the Ruby service are installed, as well as a web framework depending on the version installed. This is an inherent risk of installing any software.
Is it illegal to use Kali Linux?
Kali Linux operating system is used to learn hacking, penetration testing. Not just Kali Linux, installing any operating system is legal. If you are using Kali Linux as a white hat hacker, it is legal, and using it as a black hat hacker is illegal.
.
