Meterpreter Pivoting, Web Scanning, Wireless, and More!
- Monday, December 14, 2009, 8:13
- Threat Research
Last week we released Metasploit 3.3.2 following on the heels of Metasploit 3.3.1. This release marked a major change to how the Meterpreter backend processed commands; instead of running each request serially, the Meterpreter now spawns a background thread for each request. This allows for multiple scripts to access the same Meterpreter instance at the same time and vastly improves the pivoting functionality. Version 3.3.2 also added support for a standards-compliant XMLRPC server, enhanced the NeXpose Plugin, updated the Oracle mixins, cleaned up the database backend, and fixed 45 bugs. Rapid7 also released an update for NeXpose Community Edition that provides PDF and HTML reporting and adds vulnerability checks for the past Microsoft Tuesday.

We plan to release version 3.3.3 before the end of the year, with a focus on exploit ranking, improving the WMAP web scanner, and expanding our WiFi functionality through Lorcon2.

For those unfamiliar with WMAP, think of it as a web app scanner that has been deconstructed into individual tests. Every security test performed by WMAP can be executed as part of an automated scan or manually as an auxiliary module. Data from one type of scanner module can be fed into another type, which in turn gathers even more data, and so on. The slick part is that these modules have (continue reading...)