Posts tagged Release Notes

2 min InsightCloudSec

What's New in DivvyCloud by Rapid7: April 2021

This month, we’d like to focus on one key area of change included in this release: the scheduler.

2 min Application Security

New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit

Things are always brewing in Rapid7 product development. Today, we’re excited to announce several exciting new features in InsightAppSec, our cloud-powered application security testing solution for modern web apps [http://0z47.d809.com/products/insightappsec/]. These include: * Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements * PDF report generation * The Rapid7 AppSec Toolkit * Macro Recorder * Traffic Viewer * RegEx Builder * Swagger/Rest API Utilit

3 min Release Notes

Weekly Metasploit Wrapup: March 14, 2016

Scanning for the Fortinet backdoor with Metasploit Written by wvu Metasploit now implements a scanner for the Fortinet backdoor. Curious to see how to use it? Check this out! wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL msf > use auxiliary/scanner/ssh/fortinet_backdoor msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24 rhosts => 417.216.55.0/24 msf auxiliary(fortinet_backdoor) > set threads 100 threads => 100 msf auxiliary(fortinet_backdoor) > run [*]

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6.  This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel The most visible change in Nexpose 5.6 is the new look and feel of the user interface.  The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas

4 min Release Notes

Configuration Assessment and Policy Management in Nexpose 5.2

We love our policy Dashboards. They are new, hot, intuitive, robust and really useful. In our latest release of Nexpose, version 5.2, we've made two major enhancements to our configuration assessment capabilities: * A policy overview dashboard: To understand the current status of compliance of configurations delivering a summary of the policy itself.A policy rule dashboard: To provide further details for a particular rule and the current compliance status for that rule. What makes th

1 min Release Notes

SOC Monkey - FREE and in the App Store Now!

The name's Monkey.  SOC Monkey. I'm here to provide you with a new free app for the iPhone/iPad/iPod Touch that will search through infosec topics that are trending on the social web.  I'll also rank them based on what the biggest news items and hottest topics are, so you can make sure to get your banana's worth. Now, I'm not going to just barrage you with links.  I'm going to use my incredibly advanced simian brain to curate these news items, so you can focus more on what you need to get don

3 min Release Notes

Nexpose Reaches OWASP Top10 Coverage

Rapid7 is proud to announce that Nexpose's 5.1 web application scanning capabilities can now detect all types of vulnerabilities in OWASP's Top10 [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]! We've completed this task with the addition of two new vulnerability checks, A5: Cross-Site Request Forgery (CSRF) [http://www.owasp.org/index.php/Top_10_2010-A5] and A8: Failure to Restrict URL Access [http://www.owasp.org/index.php/Top_10_2010-A8] . The next paragraphs will describe

2 min Release Notes

Metasploit Framework Updated: FastLib and More

Metasploit development moves fast. Blindingly fast, fueled by tons of open source contributors -- which is one of the reasons why we moved away from our tried and true SVN repository and on to GitHub. Now that we're on a more modern, more social development platform, we have all new ways to get overwhelmed with the pace of change on the Framework, especially since contributor code is that much easier to integrate now. So, in order to ensure that the more notable week-over-week changes get their

3 min Release Notes

Exploit for Critical Java Vulnerability Added to Metasploit

@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez [http://twitter.com/#!/_juan_vazquez_] recently released a module which exploits the Java vulnerability detailed here [http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian Krebs here [http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits]. This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri

3 min Release Notes

Metasploit Framework 4.0 Released!

It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD licen

1 min Release Notes

Metasploit Framework 3.7.2 Released!

It's that time again! The Metasploit team is proud to announce the immediate release of the latest version [http://metasploit.com/download/] of the Metasploit Framework, 3.7.2. Today's release includes eleven new exploit modules and fifteen post modules for your pwning pleasure. Adding to Metasploit's well-known hashdump capabilities, now you can easily steal password hashes from Linux, OSX, and Solaris. As an added bonus, if any of the passwords were hashed with crypt_blowfish (which is the d

2 min Release Notes

w3af - And now, with a stable core

Since our latest w3af release in mid January [/2011/01/19/w3af-10-rc5-better-stronger-faster], and our new windows installer release a couple of months ago, we've got lots of encouraging words telling us we are going in the right direction. The objective was near and we could almost taste it. Having a stable code-base is no joke, it requires countless hours of writing unit-tests, running w3af scripts and most importantly: fixing bugs. Now, finally we're here! In this latest release, we bring y

1 min Metasploit

Metasploit Framework 3.7.1 Released!

Originally posted by HD Moore: We are happy to announce the immediate availability of version 3.7.1 of the Metasploit Framework, Metasploit Express, and Metasploit Pro. This is a relatively small release focused on bug fixes and performance improvements. Notable highlights include an improved IPv6 reverse_tcp stager from Stephen Fewer, a performance improvement for HTTP services (client-side modules), a bug fix to channel support in the PHP Meterpreter, an update to MSFGUI, and various small

1 min Metasploit

Metasploit Framework 3.7.0 Released!

Originally Posted by egypt The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ri

1 min Metasploit

Metasploit Framework 3.4.1 Released!

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1.  As always, you can get it from our downloads page [http://www.metasploit.com/framework/download/], for Windows or Linux.  This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month [/2010/06/14/meterpreter-for-pwned-home-pages].  Rest assured that more is in store for Meterpreter on other platforms.  A new extension called Railgun [http://mail.metasploit.c