Get a real-world look at how attackers could exploit your vulnerabilities—和 guidance on how to stop them—with our pen testing services.

In security as in life, the hardest weaknesses to pinpoint are your own. Fortunately, we have no problem thoroughly documenting all of your flaws. 事实上,这是我们的工作. And that’s a good thing: Knowing your vulnerabilities—和 the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program. 考虑到这一点, Rapid7’s 渗透测试服务 team will simulate a real-world attack on your networks, 应用程序, 设备, 和/or people to demonstrate the security level of your key systems 和 infrastructure 和 show you what it will take to strengthen it. Much like your mom, we don't highlight your failings because it bothers you—we do it because we care.


Let our experts simulate an attack on your network to show you your weaknesses (和 how to bolster them).



The best way to stop attackers is to think 和 act like an attacker. 这就是为什么, 不像很多保安公司, we don’t hire recent grads or people with more experience in IT than security as pen testers. Instead, we find good people who know about bad things. 比如自动取款机黑客, multi-function printer exploitation, automobile keyless entry attacks, endpoint protection bypass 技术, 射频识别克隆, security alarm system bypass… you get the idea. 还有那些人? They’re way more than security experts—they’re bonafide hackers.

To stay perpetually one step ahead of attackers—和 help others do the same—our testers devote 25% of their time to conducting research 和 contribute to the security community, 出版的文章, 在会议上发言, developing 和 releasing open source testing tools, 和 writing popular Metasploit modules. (Bonus: Since we own Metasploit, our pen testers get unparalleled access to the most widely used 渗透测试工具 在这个世界上.)

What to fix, 和 when 和 how to fix it

The best you can hope for from most penetration tests is a long list of problems with little context on how to fix them or where to start. 有帮助的,对吧? Rapid7 provides a prioritized list of issues, based on the exploitability 和 impact of each finding using an industry-st和ard ranking process.

你还能指望什么呢?? A detailed description 和 proof of concept for each finding, as well as an actionable remediation plan. And because we underst和 that risk severity is only one factor in prioritizing remediation efforts, we'll also provide insight into the level of effort needed to remediate the findings. 此外,您还将收到:

  • An attack storyboard that walks you through sophisticated chained attacks
  • Scorecards that compare your environment with best practices from an attacker’s perspective
  • Positive findings that call out what security controls you have that are effective

Compliance is a by-product of good security

We believe that good security begets good compliance. That's why everything we do—from our investment 和 commitment in Metasploit to our new attacker analytics products—is focused on helping you better underst和 attackers 和 how to defend against them. This extends to our penetration testing services; every company’s network 和 challenges are unique, so our penetration testers tailor their methods 和 attack vectors for each engagement. We also conduct penetration tests on our own network 和 products regularly, to ensure they’re always up-to-date in detecting real-world attacks.


Rapid7 offers a range of penetration testing services to meet your needs. Can't find what you're looking for? Reach out to learn about our custom solutions.

  • Network 渗透测试服务 – External or Internal

    We simulate real-world attacks to provide a point-in-time assessment of vulnerabilities 和 threats to your network infrastructure.

  • Web Application 渗透测试服务

    In addition to the 开源 Security Testing Methodology Manual (OSSTMM) 和 the 渗透测试 Execution St和ard (PTES) Rapid7’s 应用程序 penetration testing service leverages the Open Web Application Security Project (OWASP), a comprehensive framework for assessing the security of web-based 应用程序, as a foundation for our web 应用程序 assessment methodology.

  • Mobile Application 渗透测试服务

    As the widespread use of mobile 应用程序 continues to grow, consumers 和 corporations find themselves facing new threats around privacy, insecure 应用程序 integration, 以及设备盗窃. We go beyond looking at API 和 web vulnerabilities to examine the risk of the 应用程序 on a mobile platform. We leverage the Open Web Application Security Project (OWASP), 开源 Security Testing Methodology Manual (OSSTMM), 和 渗透测试 Execution St和ard (PTES) methodologies to thoroughly assess the security of mobile 应用程序.

  • IoT 和 Internet-Aware Device Testing

    Internet-aware 设备 span from ubiquitous, commercial Internet of Things (IoT) 设备 和 systems to automotive, healthcare 和 mission critical Industrial Control Systems (ICS). Our testing goes beyond basic device testing to consider the entire ecosystem of the target, covering areas such as communications channels 和 protocols, encryption 和 cryptography use, 接口和api, 固件, 硬件, 以及其他关键领域. Our deep dive manual testing 和 analysis looks for both known 和 previously undiscovered vulnerabilities.

  • Social Engineering 渗透测试服务

    Malicious users are often more successful at breaching a network infrastructure through social engineering than through traditional network/应用程序 exploitation. To help you prepare for this type of strike, we use a combination human 和 electronic methodologies to simulate attacks. Human-based attacks consist of impersonating a trusted individual in an attempt to gain information 和/or access to information or the client infrastructure. Electronic-based attacks consists of using complex phishing attacks crafted with specific organizational goals 和 rigor in mind. Rapid7 will customize a methodology 和 attack plan for your organization.

  • 红队攻击模拟

    Want to focus on your organization’s defense, detection, 和 response capabilities? Rapid7 works with you to develop a customized attack execution model to properly emulate the threats your organization faces. The simulation includes real-world adversarial behaviors 和 tactics, 技术, 和程序(TTPs), allowing you to measure your security program’s true effectiveness when faced with persistent 和 determined attackers.

  • Wireless Network 渗透测试服务

    We leverage the 开源 Security Testing Methodology Manual (OSSTMM) 和 the 渗透测试 Execution St和ard (PTES) as a foundation for our 无线 assessment methodology, which simulates real-world attacks to provide a point-in-time assessment of vulnerabilities 和 threats to your 无线 network infrastructure.

Under the Hoodie: True Stories from Rapid7 Pen Testers

Each year, Rapid7 pen testers complete more than 1,000 assessments. We've collected just a few stories to give you some true insight into what goes on beneath the hoodie.


This real-life story of social engineering owes its success to holes—some figurative, 和 some big enough to walk through. Find out how our makeshift MacGyver bypassed a bank’s security checkpoints to make a devious deposit that helped him hack from the parking lot.

银行工作远程控制One Man’s Junk Is Another Man’s Treasure你曾经拥有过我你好攻击邻居在开球时被选中打败你两次