Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:26 PM
Dark Reading
Dark Reading
Products and Releases

Rapid7 Announces 3 New Magnificent7 Sponsorships

Magnificent7 Program supports innovative open-source projects in the security industry

Rapid7, the leading provider of security risk intelligence solutions, today announced that it has selected three new open source projects for the Magnificent7 Program, which supports innovative open source projects in the security industry. John the Ripper, Ghost and Buttinsky will all be supported in the second round of the program, which starts immediately. The three projects will receive financial support as well as technological, business, and marketing mentoring and expertise. Ghost and Buttinsky were chosen due to their fresh approaches to critical and underdeveloped security sectors. John the Ripper's inclusion in the program builds on Rapid7's previous support of the project, which resulted in a major technology update in 2011 and integration with the Metasploit Framework.

The Magnificent7 Program was created with a view that in the increasingly complex security landscape, open source projects can represent the best of community collaboration and deliver innovative solutions to solve very real security challenges. Rapid7 is committed to supporting these projects so they can grow and make a greater impact for more organizations. The first two projects supported by Magnificent7 – Androguard and Cuckoo Sandbox – have both released updated versions since their inclusion in the program in March 2012.

The open source projects being supported in the second round of Rapid7's Magnificent7 Program are:

John the Ripper

Rapid7 first partnered with John the Ripper – the most widely-used open source password cracking and auditing tool – in 2011, when it supported a development project that delivered a 17% improvement in gate count for the Data Encryption Standard (DES) Algorithm. Its inclusion in the Magnificent7 Program builds on this relationship, enabling core developer Alexander Peslyak to enhance parallel and distributed processing support for John the Ripper.

"Being selected for the Magnificent7 Program builds on an already-productive working relationship with Rapid7," said Alexander Peslyak, founder and core developer of John the Ripper. "There's clear demand for better parallel and distributed processing support in John the Ripper as this will enable users to more easily and effectively utilize a larger amount of computing resources. This development has consistently stayed on the back burner, but the funding from Magnificent7 will change that!"

Ghost USB Honeypot

Ghost, led by Sebastian Poeplau, is a targeted honeypot for USB malware that functions by emulating a USB flash drive to bait, detect and collect information from infected systems allowing security practitioners to protect enterprise sized networks. With Magnificent7 support, Poeplau hopes to discover preventative measures to complement the reactive functionality of the current product.

"I'm very excited that Ghost was accepted for the Magnificent7 Program. Working with Rapid7 is a great opportunity to make the project available to a wide audience and implement a lot of exciting new features," said Sebastian Poeplau, lead developer of Ghost. "I'm particularly honored to find Ghost in the company of excellent projects such as Cuckoo Sandbox and Androguard."


Lead developers, Patrik Lantz and Lukas Rist, will build a comprehensive botnet monitoring tool from scratch by combining the approaches and goals of Lantz's and Rist's existing botnet tools, Hale and WSBS, respectively. Eventually Buttinsky will integrate HPFeeds to receive sandbox data analysis, and will utilize behavior analysis to avoid detection and learn about command infrastructure.

"Botnet monitoring is a crucial part of threat analysis, but is often neglected due to the lack of proper tools," said Patrik Lantz, lead developer of Buttinsky. "The Magnificent7 Program will generate great visibility for this project to become widespread, and provide us with technical support that will aid us towards a final product that incorporates the functionality needed in the community."

If you have an innovative open source project that addresses a problem in the security space, Rapid7 would like to hear from you! Please see the Magnificent7 submission guidelines for details.

About Rapid7

Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, and mobile risk management solution, Mobilisafe, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...
PUBLISHED: 2021-05-14
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App o...
PUBLISHED: 2021-05-14
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
PUBLISHED: 2021-05-14
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.