Validating Vulnerabilities with Metasploit

Sep 13, 2012
Ed Bellis
Chief Technology Officer, Co-founder

We recently added the ability to track publicly available exploits for any vulnerabilities discovered in your environment, regardless of how they were discovered. We viewed this as a step in the right direction and one of many factors that go into prioritizing remediation efforts. Our friend Mike Rothman over at Securosis took notice of this, acknowledging the need while calling it out as “not enough” and looking for additional data such as attack paths. We couldn’t agree more.

We are continually building more integrations in order to provide as much contextual data as possible to help identify “truly critical” issues inside your environment. This includes available exploits, business processes affected, network connectivity, location and more. With our latest integration, you can now test your mitigating controls to see if they are effective. Think that vulnerability discovered by your scanner is protected by your IPS? Why not test it out? By using your Metasploit connector within Risk I/O, you can attempt to exploit the vulnerability with one click and validate your controls.

Use our Metasploit connector to validate your vulnerabilities.

To start, go to your Connectors tab and create a new Metasploit connector. You’ll need your host location and credentials to set it up. Once created, you can filter by “Known Exploits Exist” within your Vulnerabilities tab to find vulnerabilities that have a publicly available exploit. You can then view any of the vulnerability details, click the Known Exploits tab and initiate your attack via the obviously red attack button. That’s it! From here Risk I/O schedules and performs the attack via Metasploit and reports back and persists the results within the vulnerability record.

Go ahead and give it a try and let us know what you think. If you don’t have an account, sign up for a free one.

By the way, if you haven’t read the Vulnerability Management Evolution paper from Securosis, go do it now. A lot of great content there and best of all, it’s free!
