Rapi7 restores Metaspoit to Kali

October 29, 2015 ~ hucktech ~ Leave a comment

An update to this older post:

Kali 2.0 ships …without Metasploit

Metasploit is back in Kali!

Metasploit Pro, Express & Community now support Kali Linux 2.0 [BLOG]: https://t.co/Wt9a0ZJ1hh by @erayymz

— Metasploit Project (@metasploit) October 20, 2015

https://community.rapid7.com/community/metasploit/blog/2015/10/20/kali-2-new-operating-systems-support

Great news, thanks Rapid7!

Now if you could just rewrite it in Python. 🙂

insecure baby monitors

September 2, 2015 ~ hucktech ~ Leave a comment

Rapid7 did an IoT security study of baby monitors, that’s currently being covered by the Verge and a lot of other news sites today.

The results were abysmal. Eight of the nine cameras received a failing F, while the other received a D. The security failures included a number of known vulnerabilities, including transmitting video and sending data to servers without encryption. Many of the connected devices also had built-in passwords that could be guessed (or worse, published) by the attacker, a long-standing concern in embedded devices.

http://www.theverge.com/2015/9/2/9241661/baby-monitors-vulnerable-hacking-patch-zero-day
https://www.rapid7.com/resources/iot/index.jsp

Kali 2.0 ships …without Metasploit

August 12, 2015 ~ hucktech ~ 1 Comment

Kali releases 2.0:
https://www.kali.org/releases/kali-linux-20-released/
https://www.kali.org/downloads/

But now Kali no longer includes Metasploit:

“At the request of Rapid7, we have removed the Metasploit Community / Pro package from Kali Linux and now host the open-source metasploit-framework package only. For all of you who require Community or Pro, you will now need to download it from Rapid7 and then register and submit your personal details in order to get a license. In addition, the Rapid7 team no longer maintains the Metasploit package in Kali, which has brought with it some substantial changes – we’ve moved to a “native” setup, where rather than bundling all the required software needed to run Metasploit in one big package, we use native dependencies within Kali to support the metasploit-framework package. This results in a faster, smoother work experience and easier integration with Metasploit dependencies. For more information about this, check out our Metasploit Framework in Kali documentation page.”

In related ironic news, Rapid7 gave out Open Source love tshirts at DEF CON 23:
https://community.rapid7.com/community/metasploit/blog/2015/07/30/weekly-metasploit-wrapup
I wonder long long it’ll take for Rapid7 to make Metasploit a commercial-only product? 😦