Since the "gag order" has been lifted since the official launch of
Metasploit Pro, I thought I might share some screen shots and some quick thoughts about Metasploit Pro (Beta). It is a web interface that
The install/setup of Metasploit Pro (Beta) is really self explanatory. Just some quick initial configurations settings to get started.
That's it, that's all there is to it. Of course if you want to leverage NeXpose vulnerability scanning, further configuration will be needed.
To start off, you have to create a Project where you will define the subnet(s) and Metasploit users you want to access the project/results.
Once you've got the Project created, you can create separate tasks underneath that Project. Below is a "Host and Service Discovery" task.
Then once you run the task you can view the task status. Below is the "Host and Service Discovery" task running that we created above.
Once that scan is complete you can view the Hosts that were discovered:
Metasploit Pro also has a "Campaign" capability allowing you to setup and manage a Social Engineering/Phishing Campaign to allow you to attack the human factor. Definitely useful!!
So as you can see, the Metasploit Pro product is aesthetically pleasing, intuitive, and will no undoubtedly compete with the the other competitors in the penetration testing software category. Couple it with the NeXpose vulnerability scanner, it is a complete vulnerability, exploiting, and social engineering package. The reporting was pretty decent as well for providing the information to your company or clients.
