Metasploit Pro 3.6 was released today with a slew of new features aimed at facilitating pen testers throughout the entire penetration testing process.  One such new feature is asset tagging of groups of hosts, so that they can be grouped together easily.  Utilizing another new feature, global search, makes managing large engagements a breeze.  In addition to a free webinar on March 22 with James "egyp7" Lee on the Metasploit Framework, EH-Net regular columnist, Ryan Linn, explores Metasploit Pro.  He not only shows off some of those new features but also walks the viewer through the basic steps of performing a pen test with Metasploit Pro with the following 3 videos:
   
   - Getting Started With Metasploit Pro
   - Post Exploitation
   - Reporting and Cleaning Up

As we all know, a pen test is not over when the hacking is done.  Rapid7 realizes this as well, so the new reporting capabilities are a very welcome addition.  It is now easy to generate PCI compliance notes based on the findings throughout the penetration test.  These reports indicate exactly where the failures are and actually provides evidence to support those findings.  For those that need more detailed reports on all of the activity performed throughout a penetration test, the activity report shows all commands issued and all gathered evidence.  These two reports alone can save a lot of time for testers who need to present this type of information to their clients.

For those that haven't learned to 'stop worrying and love the GUI,' Metasploit Pro now has a console mode where you can interact with Metasploit Pro just like the Community Edition.  For those that have embraced the GUI, the addition of tags allows for easy grouping of assets, and the tags can be used in many of the fields as shortcuts for specifying specific IP addresses.  This really speeds up every step in the process.

So let's get a feel for Metasploit Pro as a whole as well as the new features of v3.6.