Validating Vulnerabilities with Metasploit
Share with Your Network
We recently added the ability to track publicly available exploits for any vulnerabilities discovered in your environment, regardless of how they were discovered. We viewed this as a step in the right direction and one of many factors that go into prioritizing remediation efforts. Our friend Mike Rothman over at Securosis took notice of this, both acknowledging the need while calling it out as “not enough” and looking for additional data such as attack paths. We couldn’t agree more.
We are continually building more integrations in order to provide as much contextual data as possible to help identify “truly critical” issues inside your environment. This includes available exploits, business processes affected, network connectivity, location and more. With our latest integration, you can now test your mitigating controls to see if they are effective. Think that vulnerability discovered by your scanner is protected by your IPS? Why not test it out? By using your Metasploit connector within Risk I/O, you can attempt to exploit the vulnerability with one click and validate your controls.
To start, go to your Connectors tab and create a new Metasploit connector. You’ll need your host location and credentials to set it up. Once created, you can filter by “Known Exploits Exist” within your Vulnerabilities tab to find vulnerabilities that have a publicly available exploit. You can then view any of the vulnerability details, click the Known Exploits tab and initiate your attack via the obviously red attack button. That’s it! From here Risk I/O schedules and performs the attack via Metasploit and reports back and persists the results within the vulnerability record.
Go ahead and give it a try and let us know what you think. If you don’t have an account, sign up for a free one.
By the way, if you haven’t read the Vulnerability Management Evolutionpaper from Securosis, go do it now. A lot of great content there and best of all, it’s free!