This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

The world’s most used penetration testing framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Star
32,243

Get Metasploit

Open Source

Metasploit
Framework

Download

Latest

Commercial Support

Metasploit
Pro

Download

Latest

Get visibility into your network with Rapid7's InsightVM
30-Day Trial

Compare Features
View More Projects
View All Modules

Latest Metasploit Modules

Title Date Author
Land #18780, runc cwd priv esc (docker) (cve-2024-21626) Feb 05, 2024 cdelafuente-r7
Land #18769, Add Cacti RCE via SQLi Module This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1.2.26 to achieve RCE Feb 02, 2024 jheysel-r7
Land #18704, Leverage the module metadata cache in the module_sets Feb 02, 2024 adfoster-r7
Land #18696, Convert MSSQL mixin to class Feb 02, 2024 adfoster-r7
Land #18761, Add alert to show user the new session options available in Metasploit 6.4 Feb 02, 2024 adfoster-r7
Land #18762, Add exploit module for CVE-2024-0204 This pull request adds an exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable. Feb 02, 2024 jheysel-r7
Contribute a Module
View All Pull Requests

Latest Pull Requests

Name Labels Author
Remove all references to `Msf::SymbolicModule` rn-fix dwelch-r7
Temporarily remove PHP github action testing rn-no-release-notes adfoster-r7
Update Windows installation docs to mention requirement to install as Administrator rn-documentation ekalinichev-r7
runc cwd priv esc (docker) (cve-2024-21626) module , docs , rn-modules h00die
Update PHP Github action for acceptance tests rn-no-release-notes adfoster-r7
Support CTRL + Z for interactive SQL REPL rn-fix sjanusz-r7
Create a Pull Request

Recent Blog Posts

Fri Feb 02 2024

Metasploit Weekly Wrap-Up 02/02/2024

Shared RubySMB Service Improvements This week’s updates include improvements to Metasploit Framework’s SMB server implementation: the SMB server can now be reused across various SMB modules, which are now able to register the...

Fri Jan 26 2024

Metasploit Weekly Wrap-Up 01/26/24

This week's wrap-up adds 8 new modules and direct syscalls to Meterpreter's Reflective Loader....

Fri Jan 19 2024

Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion...

View More Metasploit Blog Posts

Metasploit in Action

Featured Video


View More Metasploit Videos
View All Contributors

Top Contributors

Last 12 Months

All Time

Contribute to Metasploit
View All

Related Products & Projects

InsightVM

Rapid7’s solution for advanced vulnerability management analytics and reporting.

Free Trial

InsightIDR

Rapid7’s incident detection and response solution unifying SIEM, EDR, and UBA capabilities.

Free Trial

Metasploitable

Virtual machines full of intentional security vulnerabilities. Exploit at will!

Download Now