In addition to wooing the enterprise IT security staff with new features, Rapid7 also kept the pentesters in mind with this release as well.

The new version features 36 new exploits, 27 new post-exploitation modules -- or modules designed for system reconnaissance -- and 12 auxiliary modules, all of which have been added since the last update, version 3.7.1. The software package a total of 716 exploit modules, 361 auxiliary modules and 68 post-exploitation modules.

Nine of the new exploits are aimed at SCADA (supervisory control and data acquisition) systems, and others harness vulnerabilities in the Firefox and Internet Explorer browsers. Among the post-exploitation modules are capabilities for obtaining passwords from Microsoft Outlook, WSFTP, CoreFTP, SmartFTP, TotalCommander, BitCoin and other applications.

Rapid7 has also released updated versions of Metasploit Pro, a collection of reporting tools, and Metasploit Express, which provides entry-level vulnerability verification and penetration testing capabilities.

The IDG News Service