DATA SHEET

RAPID7 METASPLOIT PRO KEY BENEFITS Complete penetration test assignments faster by automating repetitive tasks and leveraging multilayered attacks Assess the security of Web applications, network and endpoint systems, as well as email users Emulate realistic network attacks based on the leading Metasploit Framework with more than 120,000 users Test with the worlds largest public database of quality assured exploits Tunnel any traffic through compromised targets to pivot deeper into the network Collaborate more effectively with team members in concerted network tests Customize the content and template of reports As enterprises and government agencies face increasing threats to complex, businessbusiness critical systems, the ability to simulate realistic attacks on their infrastructure in a fast and cost-effective manner is critical. Metasploit Pro is the solution for security professionals in enterprise, government and consulting firms who need to reduce costs by making network security testing more efficient. Unlike alternative products, Metasploit Pro improves the efficiency of penetration testers by providing unrestricted unrestric remote network access and enabling teams to efficiently collaborate. Only Metasploit products are based on the Metasploit Framework, the gold standard for penetration testing, and are therefore best suited to emulate realistic attacks.

Key characteristics: Advanced full multi-layered penetration testing capabilities pivot through Web, network, and endpoint targets, aided by stealth and social engineering features Efficient intuitive GUI accelerates standard tasks, completing assignments faster Safe quality assurance and reliability ratings for all exploits ensures they are safe to use and dont install any software on the target systems Integrated Launch nmap and the NeXpose vulnerability scanner (optional) from within Metasploit Pro to exploit the most vulnerable systems first for faster results Supported backed by Rapid7s customer support staff with dedicated SLAs for both Metasploit Pro and supported components in the Metasploit Framework Great value leveraging its community of more than 120,000 security professionals and researchers, Rapid7 is able to offer this solution at a great value

RAPID7 Corporate Headquarters

545 Boylston Street Boston, MA 02116

617.247.1717

www.rapid7.com

Automated Penetration Testing Workflow KEY PROCESS STEPS Project Creation: Initiate discrete internal and/or external components of a penetration test. Discover Devices: Identify hosts, scan for open ports and fingerprint the operating systems and services. Import scan data from NeXpose, Nmap and other solutions. NeXpose scans can also be initiated directly from within Metasploit Pro. Gain Access: Gain access using Bruteforce, Exploitation, Social Engineering, Web Applications, and Manual Exploitation methods. Take Control: Create a command shell or Meterpreter session to control the device in the target environment, pivot to other machines. Collect Evidence: Gather artifacts for proof of access and obtain authentication credentials across multiple systems at once Extend Access: Recycle and replay capture authentication credentials to extend access to a greater number of targets Cleanup and Reporting: Gracefully complete an engagement and leverage iReport and Jasper templates for customized reporting Leveraging the open source Metasploit Framework used by more than 120,000 security professionals, Metasploit Pro delivers the following core capabilities: Latest exploits and payloads Leverages the worlds largest, fully quality assured and integrated public database of exploits and payloads to conduct your tests. Extensive attack targets Compromises standard and custom Web applications, network devices, database servers, endpoint systems, and email users. Full graphical user interface Simplifies usability and greatly enhances efficiency of penetration testers and security experts in a step-by-step model. VPN pivoting Tunnels any traffic through the target, for example to route vulnerability scans through a compromised machine. Social engineering Uses phishing and endpoint security testing to create exploit campaigns, track click-throughs, and capture passwords. Web applications Identify web services across the entire enterprise, audit these services for vulnerabilities, and quickly exploit them to validate the results. Team support Enables teams to coordinate concerted attacks. Robust reports Includes online and offline reports with detailed vulnerabilities descriptions and remediation information and customized design templates. Strong enterprise-class support offering Benefits from guaranteed enterpriselevel support with SLAs from Rapid7 customer care professionals. Other commercial products were designed more as exploit execution platforms and less as penetration testing solutions. Metasploit Pro was created with the specific needs of a penetration tester in mind. The Metasploit Pro Workflow Manager automates all penetration testing steps that security professionals would otherwise conduct manually, saving significant time and effort.

ABOUT RAPID7 Rapid7 is the leading provider of vulnerability management and penetration testing solutions, delivering actionable intelligence about an organizations entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

DS 10/10

RAPID7 Corporate Headquarters

545 Boylston Street Boston, MA 02116

617.247.1717

www.rapid7.com