It'll only be days until you can download the new Metasploit version 4.0!

The new version marks the inclusion of 36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules, all added since the release of version 3.7.1 in May 2011. These additions include nine new SCADA exploits, improved 64-bit Linux payloads, exploits for Firefox and Internet Explorer, full-HTTPS and HTTP Meterpreter stagers, and post-exploitation modules for dumping passwords from Outlook, WSFTP, CoreFTP, SmartFTP, TotalCommander, BitCoin, and many other applications. All of these these improvements are available in all Metasploit editions - the free and open source Metasploit Framework, as well as the commercial editions Metasploit Pro and Metasploit Express.

As usual, we'll have several blog posts about developments to the Metasploit Framework in the coming weeks. In this post, I'd like to focus on some of the new features in the commercial editions. Metasploit Pro 4.0 is all about greater enterprise integration, cloud deployment options, and penetration testing automation. The best news for customers holding a valid license for Metasploit Express or Metasploit Pro: you'll be able to upgrade free of charge. Here are some of the features in Metasploit Pro 4.0:

Make Metasploit Pro an integral part of your risk intelligence solution

New third-party import filters: You can now import scan results from more than a dozen third-party web application scanners and additional vulnerability assessment tools to prioritize vulnerabilities and eliminate false positives (see full list of supported import formats ).

Deeper integration with NeXpose: While Metasploit provides only a file import option for third-party scanners, integrate directly with one or more NeXpose scan engines to start a scan or to verify results. This is particularly useful to organizations that have deployed NeXpose as an enterprise solution. As a result, organizations can streamline the verification of vulnerabilities and reduce their remediation costs.The integration is provided through officially supported, publicly documented APIs.

While Metasploit provides only a file import option for third-party scanners, integrate directly with one or more NeXpose scan engines to start a scan or to verify results. This is particularly useful to organizations that have deployed NeXpose as an enterprise solution. As a result, organizations can streamline the verification of vulnerabilities and reduce their remediation costs.The integration is provided through officially supported, publicly documented APIs. Vulnerability Management List Editing: Add, modify, and delete vulnerability information directly through the product user interface to tweak imported data base on verification results and add additional findings as needed.

Add, modify, and delete vulnerability information directly through the product user interface to tweak imported data base on verification results and add additional findings as needed. SIEM integration interface: Integrate Metasploit Pro with your Security Information and Event Management (SIEM) system through the RPC API and open XML format to get a better picture of your risk landscape.

Integrate Metasploit Pro with your Security Information and Event Management (SIEM) system through the RPC API and open XML format to get a better picture of your risk landscape. Automated security tests: Programmatically remote control Metasploit Pro through a new RPC programming interface to verify vulnerabilities or test systems.

Deploy Metasploit Pro in a way that works for you

Pre-packaged images for VMware vSphere: You can now deploy Metasploit as a VMware image using VMware vSphere. This decreases provisioning costs for vulnerability programs covering remote locations. The OVF format is also compatible with other virtualization solutions.

You can now deploy Metasploit as a VMware image using VMware vSphere. This decreases provisioning costs for vulnerability programs covering remote locations. The OVF format is also compatible with other virtualization solutions. Amazon Machine Image: If you need to conduct external penetration tests, you can easily deploy Metasploit in the Amazon Elastic Compute Cloud (EC2). Metasploit is available as an Amazon Machine Image (AMI) and payment for the hosting costs can be processed through Amazon Web Services (AWS) accounts, making provisioning quick and easy, even with small budgets.

Boost your penetration tests

Persistent agents and listeners: During a penetration test, mobile users and temporary network problems can cause established sessions to drop. Re-running the same exploit may not always lead to another session (or even be possible). Meterpreter now supports persistent agents and listeners so that the target machine actively re-establishes a session when it drops. Agents automatically expire after a pre-configured amount of time.

During a penetration test, mobile users and temporary network problems can cause established sessions to drop. Re-running the same exploit may not always lead to another session (or even be possible). Meterpreter now supports persistent agents and listeners so that the target machine actively re-establishes a session when it drops. Agents automatically expire after a pre-configured amount of time. Macros: Write macros that get triggered by certain events. For example, if you launch a social engineering campaign, you won't know when an email user will click on a link or open a malicious attachment, so it is not practical to wait for someone to do so and create a session. Using post-exploitation macros, you can automate what happens once a target user falls into a social engineering trap. For example, the macro could automatically loot the machine or carry out a set of pre-defined steps. Macros can chain together are arbitrary post-exploitation modules and be extended through custom post-exploitation modules.

Write macros that get triggered by certain events. For example, if you launch a social engineering campaign, you won't know when an email user will click on a link or open a malicious attachment, so it is not practical to wait for someone to do so and create a session. Using post-exploitation macros, you can automate what happens once a target user falls into a social engineering trap. For example, the macro could automatically loot the machine or carry out a set of pre-defined steps. Macros can chain together are arbitrary post-exploitation modules and be extended through custom post-exploitation modules. Exploit replay: You can now replay all previously successful attacks. This makes verification of patch installation and configurations changes trivial. This also allows the export from one Metasploit copy to be used in a later verification through another copy.

You can now replay all previously successful attacks. This makes verification of patch installation and configurations changes trivial. This also allows the export from one Metasploit copy to be used in a later verification through another copy. Offline password cracking: As a result of Rapid7's sponsorship of the open-source project John the Ripper, Metasploit Pro now automatically cracks weak passwords during the evidence collection phase, making it possible to replay these passwords across multiple machines and protocols.

Inform stakeholders and document compliance with updated reports

FISMA reports: Easily document compliance with FISMA through a new report that maps findings to controls and requirements.

Easily document compliance with FISMA through a new report that maps findings to controls and requirements. More visual reports: Metasploit Pro reports now contain charts and diagrams that visualize the results of a penetration tests.

Other new features include

Increased exploitation speed

Updated social engineering campaigns, including the ability to clone existing websites and edit HTML in a rich editor

Updated user interface to simplify managing large projects

Easily re-run tasks that have been aborted by the user

Global settings for configuring NeXpose scan engines, macros, and API keys

If you're a Metasploit Express customer and would like to know which of these features are included in your edition, please see the Metasploit Compare & Download page.

Metasploit 4.0 will be available for download in August 2011. If you can't wait that long, register for an exclusive sneak preview with HD Moore this Thursday to see the new Metasploit Pro 4.0 in action!

The Metasploit Framework is continuously updated and version 4.0 marks the inclusion of 36 new exploits, 27 new post-exploitation modules and 12 auxiliary modules, all added since the release of version 3.7.1 in May 2011. These additions include nine new SCADA exploits, improved 64-bit Linux payloads, exploits for Firefox and Internet Explorer, full-HTTPS and HTTP Meterpreter stagers, and post-exploitation modules for dumping passwords from Outlook, WSFTP, CoreFTP, SmartFTP, TotalCommander, BitCoin, and many other applications. For more information on the ongoing development of the Metasploit Framework, please visit the

-->