Metasploit Project

Metasploit Framework 6.4 is out now! 🆕🎉 Features include: 🔹More Kerberos goodness, like support for diamond and sapphire tickets and extract tickets from compromised windows hosts to leverage unconstrained delegation 🔹DNS configuration 1/4

Get the latest Metasploit Framework update! It includes 2 new exploit modules targeting AVideo Encoder (Unauthenticated Command Injection) and FreePBX, along with LDAP query enhancements and 7 bug fixes. rapid7.com/blog/post/pt-m…

No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0! Read the full details: rapid7.com/blog/post/pt-m… #Metasploit

Dearest Gentle Hacker, This author would recommend the new podcast, Hacktics & Telemetry, by Rapid7 Labs. It promises to be a ball.

Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details rapid7.com/blog/post/pt-a…

Encoder exposed! 💥 Get the details on the latest Metasploit Framework release: new encoder options for better payload control, fresh RCE exploits (Tactical RMM SSTI, MajorDoMo), and Linux RC4 Packer for in-memory execution. Read the full wrap-up: rapid7.com/blog/post/pt-m… #Metasploit

You really get me 😌

Latest Metasploit update is out with unauthenticated RCE for Grandstream GXP1600 VoIP devices, enabling credential harvesting and SIP interception. Also included is critical support for BeyondTrust PRA/RS command injection (CVE-2026-1731), plus a serious Ollama RCE (CVE-2024-37032). Check out the wrap up at rapid7.com/blog/post/pt-m…

This week's release packs a punch with 5 new modules, including unauthenticated RCEs targeting ChurchCRM and the WordPress StoryChief plugin, plus creative persistence methods for Emacs and Windows. Check it out in the weekly wrap up: rapid7.com/blog/post/pt-m…

This weeks wrap up includes a slew of new exploits, enhancements and bug fixes including RCEs for SolarWinds Web Help Desk and Ivanti EPMM rapid7.com/blog/post/pt-m…

We now have a draft @metasploit module for the recent SolarWinds Web Help Desk vulns (CVE-2025-40536 + CVE-2025-40551) , based on the PoC by @Horizon3ai but with a gadget for loading native code modules to achieve RCE: github.com/rapid7/metaspl…

This weeks wrap up features new Gladinet modules and our summer project plans as we submit to #GSOC rapid7.com/blog/post/pt-m…

This week's wrap up includes 7 new modules with 3 just for FreePBX rapid7.com/blog/post/pt-m…

This week's wrap up includes three new RCEs include one that's unauthenticated, targeting Oracle E-Business Suite rapid7.com/blog/post/pt-m…

13 modules in this week's wrap-up. Lucky you. rapid7.com/blog/post/pt-m…

This week's wrap-up features more RISC-V payloads. Get it here: rapid7.com/blog/post/pt-m…

The annual wrap-up for Metasploit Framework is out now, and it includes the entirety of stats for 2025. This wrap-up and its contents would not be possible without the participation and dedication of our contributors and researchers, and all of our thanks goes to them! Metasploit Framework wouldn't be the same without you, thank you. rapid7.com/blog/post/pt-m…

This week we have some updates to the React2Shell payloads. Stay tuned for the Metasploit annual wrap-up! rapid7.com/blog/post/meta…

This week's wrap-up has some pretty rad MSSQL updates and a module for React2shell. Get it here: rapid7.com/blog/post/pt-m…

This week's wrap-up: Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads. Get it here: rapid7.com/blog/post/pt-m…

WSUS, anyone? rapid7.com/blog/post/pt-m…