Rapid7, a Boston, Massachusetts-based provider of vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro, its new software targeted at security professionals in enterprises, government agencies and consulting firms who need to test the security of networks.

Metasploit Pro, priced at $15,000 per user annually, provides unrestricted remote network access and enables teams to collaborate on network penetration testing projects. Metasploit Pro offers additional functionality over Metasploit Express, its lower-end solution priced at $3,000 per user annually, with support for security testing of custom Web applications, managing client-side campaigns against end-users and additional evasion features.

“Metasploit Pro completes our suite of penetration testing products and addresses the needs of the penetration testing expert who requires advanced features,” said Mike Tuchen, Rapid7 president and CEO.

The Metasploit Framework is a widely used solution, and according to Rapid7, users have downloaded Metasploit over one million times in the past year. The company also claims Metasploit has the world’s largest public database of quality-assured exploits.

To efficiently ensure the highest possible security of their IT infrastructure, enterprises need to prioritize the mitigation of vulnerabilities. Metasploit is the world’s only penetration testing solution that directly launches NeXpose vulnerability scans to verify vulnerabilities. Based on this enterprise risk scoring, organizations can make informed decisions about which vulnerabilities should be addressed first.

“With Metasploit Pro, my team can maximize the efficiency of our penetration tests while minimizing the number of tools we require. Metasploit Pro combines the power of the Metasploit Framework with a simple-to-use interface that allows us to hit the ground running,” said Joshua Brashars, senior security consultant at AppSec Consulting, an information security firm and a Rapid7 consulting partner.

Features of Metasploit Pro:

• Scans and exploits Web applications. Metasploit Pro enables users to scan and exploit both standard and custom Web applications, often the most publicly accessible server on the network. These can provide a pivot point into a database or further into the network.

• Runs social engineering campaigns. Metasploit Pro runs custom social engineering campaigns, including website cloning for phishing and emails with malicious attachments, to compromise end-user systems, providing additional attack vectors into the network.

• Achieves unprecedented network access. Metasploit Pro can achieve unrestricted remote network access through a compromised host. Metasploit Pro’s VPN pivoting evades firewall restrictions and provides encrypted access into networks at the Ethernet level, providing the same capabilities as a physical network tap. As a result, penetration testers can run any network discovery tool, such as the NeXpose vulnerability scanner, through a compromised host as if they were directly connected to the internal network.

• Enables unique team collaboration. Metasploit Pro is the world’s first penetration testing solution that supports team collaboration to coordinate concerted attacks. Team members can see and search each other’s actions, progress and notes to make team efforts more efficient. Known hosts, credentials and hashes are automatically leveraged by other team members.

“With Metasploit Pro, we’ve delivered a solution for penetration testers who love the workflow of Metasploit Express but needed to go even further with their security assessments,” said HD Moore, Rapid7 CSO and Metasploit chief architect.

Available immediately, Metasploit Pro is priced at $15,000 annually per user.
