Metasploit Express uses the same framework as the more established Metasploit program, which remains open source, and which is due to be updated with the release of version 3.4 next month. It features the Metasploit Express Workflow Manager, a workflow engine providing a step-by-step model to simplify testing programs and eliminate manual processes.
The system also integrates with Rapid7 NeXpose, a vulnerability management system. Users can launch a vulnerability scan in that product directly from within the Metasploit Express user interface, and Metasploit Express will harvest the vulnerability information garnered by NeXpose, Rapid7 said.
The graphical user interface is complemented by complete user action logs and an advanced penetration testing window, according to Rapid7, which also said that it includes full network penetration testing capabilities. Features included that are found in the original Metasploit product other than the addition of a GUI include automated database compromise and automated device compromise, along with support for penetration testing lifecycle management.
Reports can be exported as XML files, or can be delivered as a standard reports in PDF or Word format. Metasploit Express features configurable administrative settings and site configurations, along with online customer support. It can be used for evidence collection, and provides detailed audit logs, Rapid7 said.