Spencer McIntyre

The annual wrap-up for Metasploit Framework is out now, and it includes the entirety of stats for 2025. This wrap-up and its contents would not be possible without the participation and dedication of our contributors and researchers, and all of our thanks goes to them! Metasploit Framework wouldn't be the same without you, thank you. rapid7.com/blog/post/pt-m…

From Zero to Shell: Hunting Critical Vulnerabilities in AVideo chocapikk.com/posts/2025/avi…

New NTLM relay dropped for MSSQL. Should see some SCCM modules to use it next. @unsigned_sh0rt gave me all kinds of ideas.

Metasploit also has a merged exploit with check for react2shell. ⌨️ module: multi/http/react2shell_cve_2025_55182 📦 Dockerfile to test available in: Data\exploits\react2shell_unauth_rce_cve_2025_55102 github.com/rapid7/metaspl…

New Metasploit module for CVE-2025-54236 (SessionReaper) - Unauthenticated RCE in Magento github.com/rapid7/metaspl…

I've been hacking on a new Windows Named Pipe tool called PipeTap which helps analyse named pipe communications. Born out of necessity while doing some vulnerability research on a target, its been super useful in reversing it's fairly complex protocol. :)

Come join @rapid7! I’m hiring for a Senior Security Researcher to join our team. You'll get to work on n-day analysis, zero-day research, exploit development, and more - focusing on enterprise software and appliances. Fully remote in the UK, details here: careers.rapid7.com/jobs/senior-se…

Today @rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…

Our @metasploit auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the devices default admin password (CVE-2024-51978) and then validate the creds: github.com/rapid7/metaspl…

Today @rapid7 disclosed two vulns affecting NetScaler Console and NetScaler SDX, found by Senior Security Researcher Calum Hutton! 🎉 Our blog details the authenticated arbitrary file read vuln (CVE-2025-4365), and the authenticated arbitrary file write vuln (Which the vendor has not assigned a CVE for).

Submitted a PR to enhance ReflectiveDLLInjection in @Metasploit: 
✅ ARM64 reflective loading (using resolved APIs, not syscalls!)
✅ Refactored x86/64/ARM32 loader
✅ Major injector CLI & feature upgrades
✅ API to pass params to DllMain
Details: github.com/rapid7/Reflect… Fingers crossed @stephenfewer doesn't mind the tinkering! 😄

This week's wrap-up features support for the SOCKS5H protocol, some additional SOCKS lore, and modules for WordPress Depicter Plugin and Gladinet CentreStack/Triofox. rapid7.com/blog/post/2025…

🚀 I just released a new Metasploit module for Invision Community ≤ 5.0.6 (CVE-2025-47916)! 🔗 PR: github.com/rapid7/metaspl…

Thanks to your help I donated £10,000 to mental health charities in the UK. I’m hoping to keep the ball rolling a little bit and fund raise using the pull of an exclusive signed print- you can support the fundraiser and get a print here, thank you - indiegogo.com/projects/happy…

🚨 CVE-2025-3102 Turned SureTriggers into SurePwned - unauth admin + RCE (≤1.0.78). PoCs have been out for a month, so I wrote the Metasploit module: github.com/rapid7/metaspl…

We now have a @metasploit exploit in the pull queue for that Oracle Access Manager vuln, CVE-2021-35587. You can check it out here: github.com/rapid7/metaspl…

We recently noticed that impackets smblient.py example does not actually give you access control info about files, it is simply hard coded: 🤯

ADCS Attack Techniques Cheatsheet for all of you lazy folks who prefer colored tables over reading a bunch of articles just to find some specific information: bit.ly/adcs-cheatsheet

...and we now have a @metasploit exploit module in the pull queue for the FortiManager vuln (CVE-2024-47575): github.com/rapid7/metaspl…

@RedTeamTactics There was a really good talk at @defcon this year on this topic called MaLDAPtive youtube.com/watch?v=mKRS5I…