Rapid7 launched Metasploit Community Edition: a new free addition to the Metasploit family of software solutions, which help security and IT professionals identify and understand real security threats.


Metasploit Community combines the open source Metasploit Framework with a basic version of the robust commercial user interface available in Metasploit Pro to provide an entry-level response to the evolving threat landscape.

The solution offers a simplified approach to vulnerability verification and penetration testing, enabling organizations of any size to begin the process of understanding and addressing their security posture without the need for deep technical knowledge.

Cyber criminals are successful in breaching networks of enterprises and government agencies every day, creating huge security concerns and compliance issues. Penetration testing is a critical step in assessing the risk posture of the IT infrastructure by complementing vulnerability scans to identify gaps, verify known vulnerabilities for prioritization and decrease false positives, and ensure proper remediation.

Metasploit Community makes security assessments more accessible to individual and commercial users through an intuitive interface that offers simplified network discovery and vulnerability verification for specific exploits. This increases the effectiveness of vulnerability scanners such as Nexpose to provide true security risk intelligence.

The capabilities of Metasploit Community include:

A simple graphical user interface, which makes it much easier to get started with vulnerability verification and security assessments than command-line based alternatives.

Network discovery, enabling users to map their networks by identifying hosts, scanning for open ports and fingerprinting their operating systems and services.

Integration with vulnerability scanners, so scan data from Rapid7 Nexpose, Nmap and a dozen other solutions can be imported directly into Metasploit Community. Nexpose scans can also be initiated and sites imported directly from within Metasploit Community.

Basic exploitation, enabling users to verify which vulnerabilities are actually exploitable and must be remediated - and which ones don't. This increases productivity and reduces the cost of a vulnerability management program and helps prevent data breaches.

Module browser, leveraging the world's largest database of quality-assured exploits so users can easily find the right exploit. Each module includes a reliability ranking, indicating its typical success rate and impact on the target system.

Security and IT professionals can easily upgrade from Metasploit Community to Metasploit Pro, continuing to work with the familiar interface on the existing installation. Metasploit Pro adds more powerful capabilities, including smart exploitation, password auditing, Web application scanning, post-exploitation, social engineering, team collaboration, comprehensive reporting and enterprise-level support.