Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Safe PenTesting with Metasploit

16 Jan 2013

Anyone with experience of Metasploit will know that there is a risk of crashing the target system. That is because system vulnerabilities are not intended by the developers, so they are neither documented nor supported. It is very important not to disrupt your client's day-to-day operations when testing their production systems.


Christian Kirsch of Rapid7 shared 5 tips to ensure a safe penetration test with Metasploit:

  1. Only use exploit modules with a reliability ranking of “Great” and above on production systems.

  2. Communicate with IT operations. Depending on the penetration test policies, it may be a good idea to talk to the application owners to ensure they are aware, buy into the process, and can alert you if anything has gone awry.

  3. Test during maintenance windows. It is recommended not to test systems that are being serviced, since this will make troubleshooting more difficult.

  4. Use the Audit Report (in Metasploit Express or Pro) to analyse situations.

  5. Throw the kitchen sink at test systems. Test only “Great” and above exploit modules on production systems, but throw everything you have got at the test systems; a malicious attacker does not care about the stability of the target system.
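As an added example that is not part of the original post or of Rapid7's tooling, the following Ruby script applies tips 1 and 5 as a pre-flight gate: it parses the table printed by msfconsole's search command (a constructed sample is embedded) and separates modules cleared for production from those held back for test systems. It assumes the rank names and numeric values mirror Metasploit's module ranking constants, and the module names in the sample are illustrative.

```ruby
# Added example (not from the Div0 post or Rapid7): pre-flight gate that
# applies tips 1 and 5 to a list of exploit modules before an engagement.
# Assumed: rank names/values mirror Metasploit's module ranking constants
# (ManualRanking = 0 up to ExcellentRanking = 600), and the input is the
# table printed by msfconsole's `search` command (constructed sample below).
RANKS = {
  "manual" => 0, "low" => 100, "average" => 200, "normal" => 300,
  "good" => 400, "great" => 500, "excellent" => 600
}.freeze

# Minimum acceptable rank per target environment: production follows
# tip 1 (Great and above), test systems take everything (tip 5).
POLICY = { production: RANKS["great"], test: RANKS["manual"] }.freeze

# Parse `search` output into [module_name, rank] pairs; header, separator
# and blank lines are skipped. Columns are separated by two or more spaces,
# and the Rank column is located by name because Disclosure Date may be empty.
def parse_search_output(text)
  text.each_line.map do |line|
    cols = line.strip.split(/\s{2,}/)
    next unless cols[0].to_s.match?(/\A\d+\z/) && cols[1].to_s.start_with?("exploit/")
    rank = cols.drop(2).find { |c| RANKS.key?(c.downcase) }
    rank ? [cols[1], rank.downcase] : nil
  end.compact
end

# Split modules into [allowed, held_back] for the given environment.
def gate(modules, environment)
  minimum = POLICY.fetch(environment)
  modules.partition { |_name, rank| RANKS.fetch(rank) >= minimum }
end

# Constructed sample in the shape of the `search` table (module names are
# illustrative, not real Metasploit modules).
SAMPLE = <<~TXT
     #  Name                             Disclosure Date  Rank       Check  Description
     -  ----                             ---------------  ----       -----  -----------
     0  exploit/example/stable_service   2010-01-01       excellent  Yes    Constructed entry A
     1  exploit/example/race_condition   2011-06-15       normal     No     Constructed entry B
     2  exploit/example/heap_spray                        low        No     Constructed entry C
     3  exploit/example/auth_bypass      2012-03-02       great      Yes    Constructed entry D
TXT

if __FILE__ == $0
  allowed, held = gate(parse_search_output(SAMPLE), :production)
  puts "Cleared for production: #{allowed.map(&:first).join(', ')}"
  puts "Test systems only:      #{held.map(&:first).join(', ')}"
end
```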
