This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

The world’s most used penetration testing framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Star
33,765

Get Metasploit

Open Source

Metasploit
Framework

Download

Latest

Commercial Support

Metasploit
Pro

Download

Latest

Get visibility into your network with Rapid7's InsightVM
30-Day Trial

Compare Features
View More Projects
View All Modules

Latest Metasploit Modules

Title Date Author
Land #19444, SPIP BigUp Plugin Unauthenticated RCE Sep 11, 2024 dledda-r7
Land #19432, Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin Sep 11, 2024 dwelch-r7
Land #19419, Remove unneeded code in php/base64 This remove some useless code in modules/encoders/php/base64.rb Sep 05, 2024 jheysel-r7
Land #19439, Update bypassuac_comhijack supported arch This explicitly defines x86 and x64 as supported architectures for the bypassuac_comhijack module. Prior to this change there were no defined architectures and if you tried to use an x64 based payload the module would fail. Sep 05, 2024 jheysel-r7
Land #19330, Add SSL opt in start_service The start_service method now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore["SSL"] Sep 05, 2024 jheysel-r7
Land #19381, Fix gitlab_login scanner This fixes the gitlab_login scanner so that it uses the proper datastore options Username and Password which are the standard for login scanners. Before this fix the scanner was using HttpUsername and HttpPassword and ignoring the datastore options Username and Password Aug 30, 2024 jheysel-r7
Contribute a Module
View All Pull Requests

Latest Pull Requests

Name Labels Author
Minor fix for SPIP BigUp Unauthenticated RCE easy , rn-no-release-notes dledda-r7
Update README.md Cybertelugupavan
Add SPIP BigUp Plugin Unauthenticated RCE (CVE-2024-8517) module , docs , rn-modules Chocapikk
bypassuac_comhijack: Specify x86/x64 as supported payload architectures module , bug , rn-fix bcoles
Fixes a `nil` error if login is successful with `ldap_login` module rn-fix cgranleese-r7
Add an encoder to minify php payloads payload , enhancement , rn-payload-enhancement jvoisin
Create a Pull Request

Recent Blog Posts

Fri Sep 13 2024

Metasploit Weekly Wrap-Up 09/13/2024

This Metasploit Weekly Wrap-Up brings more modules targeting the SPIP publishing platform. Learn more about the details....

Fri Sep 06 2024

Metasploit Weekly Wrap-Up 09/06/2024

This week's release includes a php/minify encoder which removes all unnecessary characters from the payload. Learn more about the updates for this week!...

Fri Aug 30 2024

Metasploit Weekly Wrap-Up 08/30/2024

A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. Learn more!...

View More Metasploit Blog Posts

Metasploit in Action

Featured Video


View More Metasploit Videos
View All Contributors

Top Contributors

Last 12 Months

All Time

Contribute to Metasploit
View All

Related Products & Projects

InsightVM

Rapid7’s solution for advanced vulnerability management analytics and reporting.

Free Trial

InsightIDR

Rapid7’s incident detection and response solution unifying SIEM, EDR, and UBA capabilities.

Free Trial

Metasploitable

Virtual machines full of intentional security vulnerabilities. Exploit at will!

Download Now