Release notes: http://www.metasploit.com/redmine/projects/framework/wiki/Release_Notes_35
This is just one day after we released Metasploit Pro (http://www.rapid7.com/products/metasploit-pro.jsp)
Official press release:
Rapid7 And Metasploit Celebrate One Year Anniversary Of The World’s Most Successful Open Source And Commercial Vendor Collaboration
Partnership Marks One Million Unique Downloads and Updates of the Metasploit Framework, Five-Fold Community Expansion, Faster Release Cycles and Quality Assurance, and Commercial Product Introductions
BOSTON, Mass. – October 20, 2010 – Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, today celebrates the one year anniversary of its acquisition of the Metasploit® Project, the open source penetration testing platform and the de facto standard for security testing with the world's largest database of public, quality-assured exploits. Undoubtedly the most successful collaboration between an open source project and a commercial vendor, the Rapid7 and Metasploit relationship has spurred one million unique new downloads and updates of the Metasploit® Framework, supported a thriving community that has grown five times in size and embraced faster release cycles, and introduced two successful commercial products within the last 12 months.
"The Metasploit Project started as a hobby many years ago and, over time, transformed into a robust, community-driven project. With the acquisition last year, Rapid7 brought additional resources that allowed us to expand the Metasploit Framework even further, turning it into the de facto standard for penetration testers and bringing the art of security testing to the masses with commercial products," said HD Moore, Rapid7 CSO and Metasploit chief architect. "It's amazing to see that the community has embraced the vendor support and collaboration by contributing to the Metasploit Framework and turning to Metasploit Express and Metasploit Pro for even more advanced capabilities. With Rapid7's commitment to open source and the community's staggering growth, this has been a very successful partnership."
This year, Moore and the Metasploit team have been able to dedicate full-time resources to deliver faster release cycles of the Metasploit Framework, which has resulted in more than one million unique downloads and updates over the past 12 months. The Metasploit Framework, now in version 3.5, has been updated with 292 additional exploits and 207 auxiliary modules, an increase of 91 and 209 percent respectively since version 3.2, the current version at the time of the acquisition. Version 3.5 includes more than 600 exploits, enhancements to the Meterpreter script design and a revamped msfcli interface to run background exploits, plus much more.
As a result of the faster releases and additional exploit information, penetration testers now have earlier access to the same information that hackers are using to compromise business-critical IT infrastructure, including exploits found in the wild. This year, the Metasploit team discovered and added notorious exploits, including DLL hijacking and VxWorks, which have impacted enterprises and security professionals since being reported. Now, with a consistent quality assurance cycle, all releases and exploits, including those in the wild, are guaranteed safe to use for attack simulation on systems.
"As a long time contributor to the Metasploit Project, I was concerned when Rapid7 first announced the acquisition about what it meant and what would happen next. Thankfully, those fears subsided as I immediately started seeing a faster development cycle with more features, fewer bugs and enhanced quality code," said Carlos Perez, a Metasploit Project contributor and security professional at a large technology company. "At the same time, I realized that Rapid7's support enabled a more engaged user community because the developers could finally dedicate more time to the project and the community around it. Through this ongoing dedication to the community, Rapid7 has provided a clear example on how to manage an active open source project and help it to grow and be profitable at the same time, and I look forward to their continued involvement in the future."
In addition to contributing to the community, Rapid7 and the Metasploit Project also filled a market gap with their collaboration to develop a stronger, more cost-effective penetration testing product for a larger audience. Rapid7 first introduced Metasploit Express™ in April 2010, an affordable, easy-to-use penetration testing solution built on the Metasploit Framework that offers a full graphical user interface, automated exploitation capabilities and reporting for enterprises. This collaborative development of an open source-based commercial product was recognized as a success when Metasploit Express secured first place in the HackMiami 2010 penetration testing competition held this summer between Metasploit Express and two other proprietary solutions.
In time for the one-year anniversary, Rapid7 also released Metasploit Pro™ to bring unrestricted remote network access, Web application scanning, social engineering campaigns and team capabilities, exceeding the functionality of Metasploit Express and further improving the efficiency of penetration testing. With this functionality, integration with Rapid7 NeXpose® vulnerability management and backing by the market's most mature penetration testing solution, the Metasploit Framework, the commercial Metasploit products have been adopted by more than 200 organizations since the first introduction five months ago.
"When done right, the open source and commercial vendor collaboration model clearly works. By putting resources behind open source projects, forward-thinking commercial vendors help the community continue to innovate and invest in the project's success by assuring its quality and growth," said Mike Tuchen, president and CEO of Rapid7. "This year, we've pioneered a special collaboration with one of the most popular open source security projects in the world and it has proven wildly successful, bringing unequalled value to the community and our own unique products. We look forward to continuing that collaboration and supporting the Metasploit community."
Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.
Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. To obtain a free download of NeXpose or Metasploit, please visit http://www.rapid7.com/resources/free-downloads.jsp.
For more information, visit www.rapid7.com.