Vulnerabilities / Threats
8/2/2010
05:46 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Metasploit To Get More Powerful Web Attack Features

Rapid7 sponsors open-source w3af Web assessment and exploit project

A popular open-source Web application attack and audit framework is now under the umbrella of Rapid7, the vulnerability management company that purchased the Metasploit Project last year. The w3af project ultimately will bring more Web security features and functions to both the Metasploit tool and Rapid7's commercial NeXpose product.

Click here for more of Dark Reading's Black Hat articles.

The open-source Metasploit penetration-testing tool currently has exploits for a handful of Web application bugs, as well as a few for generic Web flaws that affect multiple applications, says HD Moore, chief architect of Metasploit and chief security officer at Rapid7. But the goal is to expand Metasploit with more integrated Web flaw detection and attack features.

"Where we are moving to is toward dynamic detection and exploitation of vulnerabilities in custom applications and in known-vulnerable applications installed in nonstandard directories," Moore says. "So [we're] combining [Web] crawling with scanning to find vulnerable applications and then apply 'generic' Web application exploit modules against those to get access.

"The WMAP [plug-in] code in Metasploit is a good start, but we are looking at making the entire process much smoother."

Last week at Black Hat USA Rapid7 announced it had launched a new open-source initiative for Web security called the Worldwide Center of Excellence (COE). As part of the COE, Rapid7 is now sponsoring and partnering with the open-source Web application attack and audit framework w3af, and has hired its founder, Andres Riancho, as director of Web security and leader of the open-source Web program. The arrangement is somewhat similar to what Rapid7 did with its purchase of Metasploit -- keeping the open-source framework's creator at the helm of the project as well as hiring him in-house.

The w3af platform includes specific Web tools for specific tasks, such as Web assessments, scanning, and brute-force attacks. It also contains a "fancy UI [user interface]," Moore notes.

Meanwhile, Rapid7's commercial NeXpose product also will benefit from the w3af partnership. Rapid7 plans to enhance its NeXpose Web app scanner's performance and accuracy, as well as expand its vulnerability detection scope and support for client-side technologies, the company said in its announcement of the w3af deal. It also will add full-time developers to the w3af open-source project, while the w3af license and copyright will remain intact as is.

"Rapid7 is leveraging Andres' knowledge of the Web application space to expand the Web application coverage in NeXpose, [but] there aren't any direct code merges at this time," Moore says.

In addition, look for Riancho to play a role in shaping the future Web hacking features of Metasploit. "We plan to expand our coverage of the Web application penetration-testing space in Metasploit, and Andres will be contributing to that process as well," Moore says. Moore says he will release a road map for Metasploit in the next month or two, which will include more details on how it will integrate with w3af.

"Rapid 7 has made a smart move by keeping the momentum they started with Metasploit with w3af. They now have best-of-breed system-level and Web application attack frameworks," says David Maynor, CTO with Errata Security. "It seems like Rapid7 is quickly sounding the death knell for traditional scanner technology."

Meanwhile, as part of Rapid7 Metasploit has been downloaded or updated by more than 740,000 people in the first half of this year, a number the company says is two times the number of participants who did so in the second half of 2009.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.