Active Audit Agency

т: +38(044) 228-15-88

e-mail: info@auditagency.com.ua

Metasploit (rapid7)

Nowadays many companies are trying to identify risks for theirs information systems and simulteniously attacks complexity is growing. Penetration testing products allow experts to detect security breaches.

Metasploit product has been developed especially for information security experts and penetration testers. It is a scalable solution to test enterprise's network based on proven publically known vulnerabilities and exploits. Metasploit is not only for automation expoits operations but it also uses usual breaches connected to unsecure system and/or application configuration and simple passwords.

Key charachteristics:


Metasploit (Rapid7)
  • Full penetration tersing process organization with vulnerabilities exploitation
  • Simple graphic user interface to keep all process on track from the beginning to the end

  • Metasploit allows to conduct WEB servers testing, network equipment testing, databases and back end nodes testing and users' priviledges testing;
  • All exploits secure usage is guaranteed;
  • Integrated with others popular scanners(Rapid7 NeXpose, Nmap and others);
  • Uses one of the biggest in the world public database with guaranteed quality;
  • Has the powerful and flexible report generation system.

Version comparison

  Metasploit Framework Metasploit Express Metasploit PRO
Targeted Open Source for community For information security specialists For Pentest companies and consultants
Pricing FREE Call us Call us
Attacks simulation:
Base Metasploit Framework with last exploits versions and payload
+
+
+
Automatic network discovery, "smart" password brute force, repeated credentials for access, pass-the-hash attacks, exploited vulnerabilities simulation attempts
-
+
+
Proxy pivoting
+
+
+
VPN pivoting (2nd level of OSI)
-
-
+
Automatic evidences collection and audit reports generation
-
+
+
Working "in a covert" mode (to pass IDS, IPS, and antivirus)
-
-
+
Exploits and additional mudules database

 

-
+
+
Objects to attack:
Servers, workstations, WEB servers, databases, network equipment
+
+
+
Automatic database and network equipment penetration attempts

 

-
+
+
Standard and configurable scanning and exploitation of WEB servers

 

-
-
+
Tolls to conduct social engineering activities including phishing

 

-
-
+
Working process:
Working process organization (detection, gaining access and priviledges escalation, ennumerating further, evidences collection)

 

-
+
+
Tolls to support teamworking for penetration testers

 

-
-
+
Notifications:
Import different vulnerability scanners formats (XML)

 

+
+
+
Creating reports in HTML, PDF, Word, XMLformats
-
+
+
Confugurable reporting templates
-
-
+
Penetration test logging

 

-
-
+
Administration:
Command line interface
+
-
-
Graphic User Interface (GUI) with optional command line support.
-
+
+
Access restriction to subprojects
-
-
+
Integration with NeXpose
+
+
+
Basic XML-RPC interface
+
+
+
Basic XML-RPC interface with a framework support
-
+
+
Support:
Community
+
+
+
Customer support with SLA
-
+
+

To order product or get more information please contact us by phone +38 044 228 15 88 or E-mail: info@auditagency.com.ua