Rapid7 introduced Metasploit Express, a comprehensive penetration testing solution built on the open source Metasploit Framework.

Metasploit Express is designed specifically for penetration testers and security professionals that require the ability to quickly determine real risks to data and infrastructure.

Based on the world’s largest tested and integrated public database of exploits and payloads, Metasploit Express not only runs exploits but also detects and tests insecure configurations, such as weak passwords. It enables penetration testers to illuminate trust relationships between systems for a more accurate risk profile. In addition to testing standard PCs and servers, the product is able to compromise a wide range of network devices and offers data collection and automation capabilities for these devices.

Metasploit Express’ extensive network penetration testing capabilities are further enhanced by the product’s rich graphical user interface and the Metasploit Express Workflow Manager, a workflow engine that provides a step-by-step model to simplify and accelerate testing programs and eliminates the burden of many manual processes found with traditional exploit attack platforms.

“Metasploit Express and the upcoming Metasploit Framework 3.4 provide significant enhancements to the community and help not only advance the art of penetration testing but enable users of all skill levels to benefit from the ability to find vulnerabilities in a variety of systems and then test for exploitability,” said HD Moore, Rapid7 CSO and Metasploit chief architect. “We’ve remained committed to improving the Metasploit Framework with consistent enhancements and accelerated quality assurance, and Metasploit Express and the Metasploit Framework 3.4 are testament to that work. We thank the community for all that they contributed.”

Metasploit Express 3.4 costs $3,000 per user per year and includes support with dedicated SLAs provided by Rapid7 staff.