2 min
InsightCloudSec
What's New in DivvyCloud by Rapid7: April 2021
This month, we're focusing on one key change included in this release: the scheduler.
2 min
Application Security
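New InsightAppSec Releases: Compliance Reports and the AppSec Toolkit
Things are always brewing in product development at Rapid7. Today, we’re excited to
announce several exciting new features in InsightAppSec, our cloud-powered
application security testing solution for modern web applications
[http://avxp.healthydairyland.com/products/insightappsec/].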
These include:
* Custom reports for PCI, HIPAA, SOX, and OWASP 2017 compliance requirements
* PDF report generation
* The Rapid7 AppSec Toolkit
  * Macro Recorder
  * Traffic Viewer
  * RegEx Builder
  * Swagger/Rest API Utilit
3 min
Release Notes
Weekly Metasploit Wrapup: March 14, 2016
Scanning for the Fortinet Backdoor with Metasploit
Written by wvu
Metasploit now implements a scanner for the Fortinet backdoor. Curious to see
how to use it? Check this out!
wvu@kharak:~/metasploit-framework:master$ ./msfconsole -qL
msf > use auxiliary/scanner/ssh/fortinet_backdoor
msf auxiliary(fortinet_backdoor) > set rhosts 417.216.55.0/24
rhosts => 417.216.55.0/24
msf auxiliary(fortinet_backdoor) > set threads 100
threads => 100
msf auxiliary(fortinet_backdoor) > run
[*]
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
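We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you with the most effective remediation steps
for the risk to your organization, and extends our current configuration assessment
functionality.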
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new color scheme makes it easier to focus on important areas
4 min
Release Notes
Configuration Assessment and Policy Management in Nexpose 5.2
We love our policy Dashboards. They are new, hot, intuitive, robust and really
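useful. In our latest release of Nexpose, version 5.2, we've made two major
enhancements to the configuration assessment capabilities:
* A policy overview dashboard: shows the current compliance status of
  configurations and provides a summary of the policy itself.
* A policy rule dashboard: provides detailed information about a particular rule
  and the current compliance status for that rule.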
What makes th
1 min
Release Notes
SOC Monkey - FREE and in the App Store now!
The name's Monkey. SOC Monkey.
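I'm here to bring you a new free app for the iPhone/iPad/iPod Touch
that will search social networks for popular information security topics. I'll
also rank them by the biggest news items and the hottest topics, so
you can make sure to get your banana's worth.
Now, I'm not going to just barrage you with links. I'm going to use my
highly advanced ape brain to sort through the news, so you can focus
more on what you need to get don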
3 min
Release Notes
Nexpose Reaches OWASP Top10 Coverage
Rapid7 is proud to announce that Nexpose's 5.1 web application scanning
capabilities can now detect all types of vulnerabilities in the OWASP Top10
[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project]! We've
accomplished this by adding two new vulnerability checks, A5:
Cross-Site Request Forgery (CSRF)
[http://www.owasp.org/index.php/Top_10_2010-A5] and A8: Failure to Restrict
URL Access [http://www.owasp.org/index.php/Top_10_2010-A8]. The next paragraphs
will describe
2 min
Release Notes
Metasploit Framework Updated: FastLib and More
Metasploit development moves fast. Blindingly fast, fueled by tons of open
source contributors, which is also why we moved off our
tried and true SVN repository and on to GitHub. Now that we're on a more modern,
more social development platform, we have all sorts of new ways to keep up with
the Framework's rate of change, especially since contributors' code is so
much easier to integrate now. So, in order to ensure that the more notable
week-over-week changes get their
3 min
Release Notes
Critical Java Vulnerability Added to Metasploit
@_sinn3r [http://twitter.com/_sinn3r] and Juan Vazquez
[http://twitter.com/#!/_juan_vazquez_] recently released a module which
exploits the Java vulnerability detailed here
[http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian
Krebs here
[http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits].
This is a big one. To quote Krebs: “Exploiting a
recently patched critical security flaw in Java in the
cri
3 min
Release Notes
Metasploit Framework 4.0 Released!
It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and
the first Rapid7 release was two years ago. Since then,
Metasploit has really spread its wings. When 3.0 was released, it was under a
EULA-like license with specific restrictions on use in commercial
products. Over time, the reasons for that decision became less important and the
need for more flexibility came to the fore; in 2008, we released Metasploit 3.2
under a 3-clause BSD licen
1 min
Release Notes
Metasploit Framework 3.7.2 Released!
It's that time again! The Metasploit team is proud to announce the immediate
release of the latest version [http://metasploit.com/download/] of the
Metasploit Framework, 3.7.2. Today's release includes 11 new exploit modules
and fifteen post modules for your pwning pleasure. Adding to Metasploit's
well-known hashdump capabilities, now you can easily do so from
Linux, OSX, and Solaris. As an added bonus, if any of the passwords were hashed
with crypt_blowfish (which is the d
2 min
Release Notes
w3af - And now, with a stable core
Since our latest w3af release in mid January
[/2011/01/19/w3af-10-rc5-better-strong -faster], and the release of our new
Windows installer a few months ago, we've received a lot of encouraging words telling us
we are going in the right direction. The objective was near and we could almost
taste it. Having a stable code base is no joke; it takes countless hours of work
writing unit tests, running w3af scripts and, most importantly, fixing bugs. Now,
finally we're here!
In this latest release, we bring y
1 min
Metasploit
Metasploit Framework 3.7.1 Released!
Originally posted by HD Moore:
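We are happy to announce the immediate availability of version 3.7.1 of the
Metasploit Framework, Metasploit Express, and Metasploit Pro. This is a
relatively small release focused on bug fixes and performance improvements.
Notable highlights include an improved IPv6 reverse_tcp stager from Stephen
Fewer, performance improvements to HTTP services (client-side modules), a bug
fix for channel support in the PHP Meterpreter, an updated MSFGUI, and a variety of
small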
1 min
Metasploit
Metasploit Framework 3.7.0 Released!
Originally Posted by egypt
The Metasploit team has spent the last two months focused on one of the
least-visible, but most important pieces of the Metasploit Framework; the
session backend. Metasploit 3.7 represents a complete overhaul of how sessions
are tracked within the framework and associated with a backend database. This
release also significantly improves the staging process for the reverse_tcp
stager and Meterpreter session initialization. Shell sessions now hold their
output in a ri
1 min
Metasploit
Metasploit Framework 3.4.1 Released!
The Metasploit Project is proud to announce the release of the Metasploit
Framework version 3.4.1. As always, you can get it from our downloads page
[http://www.metasploit.com/framework/download/], for Windows or Linux. This
release sees the first official non-Windows Meterpreter payload, in PHP, as
discussed last month [/2010/06/14/meterpreter-for- pwneded -home-pages]. Rest
assured that more is in store for Meterpreter on other platforms. A new
extension called Railgun
[http://mail.metasploit.c