Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Metasploit team released Metasploit Vulnerable Services Emulator

Rapid7 released the Metasploit Vulnerable Services Emulator, a new tool that can be used by IT experts to emulate vulnerable services. Which is the best way to protect a system? You need to think of the system in the attacker’s perspective, for this reason, Metasploit has now a new tool that can be used to […]

Metasploit team released Metasploit Vulnerable Services Emulator

Rapid7 released the Metasploit Vulnerable Services Emulator, a new tool that can be used by IT experts to emulate vulnerable services.

Which is the best way to protect a system? You need to think of the system in the attacker’s perspective, for this reason, Metasploit has now a new tool that can be used to emulate vulnerable service, the Metasploit Vulnerable Services Emulator. The tool is open source, it was designed to give users a vulnerable OS platform that could allow security experts to test the thousands of Metasploit modules available for its community.

“There’s one problem: it’s hard to use Metasploit without vulnerable services to play against.” wrote Jin Qian in a blog post. “We developed the Vulnerable Services Emulator to fill this gap. It is a framework that makes it easy to emulate the vulnerable services for penetration testing purposes”

In the past, Metasploit released two vulnerable OS images, Metasploitable2 and Metasploitable3, with this purpose. but their use was limited due to the small subset of the thousands of Metasploit modules available for users.

Metasploit Vulnerable Services Emulator

The Metasploit Vulnerable Services Emulator is available on GitHub, it already emulates more than 100 vulnerable services as explained by Qian.

“Right now, it emulates over 100 vulnerable services, covering things like compromising credentials, getting a shell from the victim, and more. After going through module exercises, users can learn details about security vulnerabilities and how to test them, and are encouraged to continue to learn and play with Metasploit’s capabilities,” said Qian.

The Metasploit Vulnerable Services Emulator works on Windows, Mac or Linux. It is very easy to install and use, as a prerequisite it requires the installation of a working Perl installation.

The developers who designed the tool used JSON to describe vulnerable services, a choice to make independent the platform from the specific programming language.

“We know developers have very different preferences on programming languages, so instead of implementing the vulnerable services using a particular language, the framework describes vulnerable service interactions in JSON.” continues the post. “It’s not a programming language per se but it has enough logic for service emulation. The following is the description for the vulnerable printer service.”

Security experts can use the Metasploit Vulnerable Services Emulator to test their Metasploit modules or to get training on Metasploit.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Metasploit Vulnerable Services Emulator, hacking)