Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.
VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry.
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.
What Secure Network released today is a number of open source modules that perform a number of different attacks: from hijacking a connection to the virtual infrastructures web-based management consoles (against VMware VI/vSphere, Server 1.x, Converter and even Citrix XenCenter) to password bruteforcing (against VMware and Xen platforms), up to a path traversal attack (against VMware ESX, ESXi and Server web interfaces).
The toolkit even includes an attack against VMware Studio.
The first round of beta version of the modules can be downloaded here. Secure Network promises more to come.