Metasploit Project

Metasploit Framework 6.4 is out now! 🆕🎉 Features include: 🔹More Kerberos goodness, like support for diamond and sapphire tickets and extract tickets from compromised windows hosts to leverage unconstrained delegation 🔹DNS configuration 1/4

The ultimate persistence mechanism is here: Vim plugin persistence! Seriously, who can close Vim anyway? Catch up on the latest Metasploit Wrap-up, also featuring Unauthenticated Marvell QConvergeConsole Path Traversal (CVE-2025-6793), Authenticated RCE in GestioIP 3.5.7 (CVE-2024-48760), and a classic PHP filter bypass in Dolibarr ERP/CRM (CVE-2023-30253). As always, check it out the blog: rapid7.com/blog/post/pt-m…

This weeks' release is themed "Spring Cleanup" and brings some improvements to Metasploit! Key updates include payload fixes for Copy Fail on x64 and new support for ARMLE Linux, enhancements to the shiro_rememberme_v124_deserialize module for broader targeting, and general fixes for FTP utility modules. Checkout the details at rapid7.com/blog/post/pt-m…

Catch this episode of Hacktics and Telemetry on Youtube, featuring our very own @zeroSteiner talking about the Metasploit MCP! youtube.com/watch?v=A05dD5…

This weeks wrap up is packed with new stuff including an MCP server, and new modules for relaying NTLM from HTTP to LDAP and a Copy Fail exploit with x64 and AARCH64 support rapid7.com/blog/post/pt-m…

Modern attacks move in minutes, so resilience depends on acting earlier. At Rapid7’s Global Cybersecurity Summit, see how security teams are prioritizing real risk and moving beyond reactive operations. Save your spot: r-7.co/4sUjTK3

The latest Metasploit Weekly Wrapup is here! Highlights include a new RCE exploit for Langflow (CVE-2026-27966), improved check method visibility with detailed reasoning, and updates for legacy SMB targets. Plus 3 other new modules! Read more: rapid7.com/blog/post/pt-m…

Reactive workflows can’t keep up with AI-driven attacks and expanding attack surfaces. ⏳ In under a month, Rapid7’s Global Cybersecurity Summit will show how teams are aligning exposure, MDR, and AI to anticipate and act on risk earlier. Save your spot: r-7.co/41y8aoA

Episode 4 of Hacktics and Telemetry is Live! Bug Bounties, AI Superpowers, and Breach Impersonations youtube.com/watch?v=-xv0w6… The goodness contains: 02:13 - The Situation Room: Vercel breach, Shiny Hunter impersonators, and Anthropic’s Opus 4.7. 16:00 - The War Room: Bug bounty strategies and the Arson Framework with Harrison Richardson. 43:07 - The Mitigation Minute: Defending against supply chain attacks and identity compromise.

Happy Friday, Metasploit users! 🎉 The weekly wrapup is here with a massive update: 7 new modules, including 4 fresh RCE exploits (targeting AVideo, openDCIM, ChurchCRM, & Selenium Grid/Selenoid) and 3 new Windows persistence techniques. Get the details and happy hacking! rapid7.com/blog/post/pt-m…

This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). rapid7.com/blog/post/pt-m…

Check out Episode 3 of Hacktics and Telemetry! youtu.be/dPYH5OfHTfQ Inside you'll find 🔍: 00:00 - Welcome to Hacktics and Telemetry & The WordPress Dongle April Fool's Joke 02:56 - The Situation Room: LightLLM Hacks, Claude Source Code Leaks, & Chrome Zero-Days 23:10 - The War Room: Weaponizing Cellular IoT with Deral Heiland 41:59 - The Mitigation Minute: Supply Chain Defenses & Hardware Protections

Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit rapid7.com/blog/post/pt-m…

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector. Check it out at rapid7.com/blog/post/pt-m…

Get the latest Metasploit Framework update! It includes 2 new exploit modules targeting AVideo Encoder (Unauthenticated Command Injection) and FreePBX, along with LDAP query enhancements and 7 bug fixes. rapid7.com/blog/post/pt-m…

No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0! Read the full details: rapid7.com/blog/post/pt-m… #Metasploit

Dearest Gentle Hacker, This author would recommend the new podcast, Hacktics & Telemetry, by Rapid7 Labs. It promises to be a ball.

Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details rapid7.com/blog/post/pt-a…

Encoder exposed! 💥 Get the details on the latest Metasploit Framework release: new encoder options for better payload control, fresh RCE exploits (Tactical RMM SSTI, MajorDoMo), and Linux RC4 Packer for in-memory execution. Read the full wrap-up: rapid7.com/blog/post/pt-m… #Metasploit

You really get me 😌

Latest Metasploit update is out with unauthenticated RCE for Grandstream GXP1600 VoIP devices, enabling credential harvesting and SIP interception. Also included is critical support for BeyondTrust PRA/RS command injection (CVE-2026-1731), plus a serious Ollama RCE (CVE-2024-37032). Check out the wrap up at rapid7.com/blog/post/pt-m…