Metasploit

@[email protected]
5.3K Followers
40 Following
145 Posts

The Metasploit Project (part of the Rapid7 family)

Learn/mentor/contribute: https://metasploit.com/slack

Websitehttps://metasploit.com
GitHubhttps://github.com/rapid7/metasploit-framework
Documentationhttps://docs.metasploit.com
Metasploit1d ago
This week's release features a 2x faster msfvenom bootup time and new modules, including exploits for the Cisco Catalyst SD-WAN Controller Authentication Bypass (CVE-2026-20127) and osTicket Arbitrary File Read (CVE-2026-22200). https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-10-2026/
Metasploit Wrap-Up 04/10/2026

Get the latest Metasploit Framework update, featuring an approximate two-times speedup in msfvenom's bootup time. This release introduces new modules targeting critical vulnerabilities, including an authentication bypass zero-day in Cisco Catalyst SD-WAN Controller (CVE-2026-20127) and an authenticated file read in osTicket (CVE-2026-22200). Key improvements also include a new AD/CS Web Enrollment service module, enhancements to Windows service-for-user persistence, and better reporting for LDAP/ADCS-related services.

Rapid7
Metasploit2d ago
Check out Episode 3 of Hacktics and Telemetry! https://youtu.be/dPYH5OfHTfQ
Inside you'll find 🔍:
00:00 - Welcome to Hacktics and Telemetry & The WordPress Dongle April Fool's Joke
02:56 - The Situation Room: LightLLM Hacks, Claude Source Code Leaks, & Chrome Zero-Days
23:10 - The War Room: Weaponizing Cellular IoT with Deral Heiland
41:59 - The Mitigation Minute: Supply Chain Defenses & Hardware Protections
Hacktics and Telemetry, E3: Claude Leaks, Supply Chain Attacks, and the Magic Smoke of IoT

YouTube
MetasploitApr 3
Metasploit Framework is here with 5 new modules! Exploits for FreeScout (CVE-2026-28289) and Grav CMS (CVE-2025-50286) RCEs, plus a generic HTTP command execution module and a new Windows persistence technique. We also have a slew of bug fixes and enhancements including SOCKS proxy performance improvements #Metasploit https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/1
MetasploitMar 27

The latest #Metasploit Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-27-2026/

Metasploit Wrap-Up 03/27/2026

This week's Metasploit update features enhanced SMB NTLM relay functionality for broader client compatibility, including Linux's smbclient, and the ability to relay RubySMB authentication to multiple targets. New module content includes exploits for: unauthenticated RCE in Eclipse Che machine-exec (CVE-2025-12548), a command injection in Barracuda ESG (CVE-2023-2868), and an unauthenticated ESC/POS printer command injector (CVE-2026-23767).

Rapid7
MetasploitMar 20
Get the latest Metasploit Framework update! It includes 2 new exploit modules targeting AVideo Encoder (Unauthenticated Command Injection) and FreePBX, along with LDAP query enhancements and 7 bug fixes. https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-20-2026/
Metasploit Wrap-Up 03/20/2026

The newest Metasploit Framework release (6.4.123) delivers 2 new exploit modules, 2 enhancements, and 7 bug fixes. Key additions include new exploit modules for: AVideo Encoder getImage.php Unauthenticated Command Injection (CVE-2026-29058). FreePBX filestore Authenticated Command Injection (CVE-2025-64328). Major enhancements include granular control for LDAP queries to skip querying SACL data on security descriptors for non-privileged users, and the addition of the new OptTimedelta datastore option type. Update your Metasploit Framework now with msfupdate.

Rapid7
MetasploitMar 13

No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!

Read the full details: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/ #Metasploit

Metasploit Wrap-Up 03/13/2026

Metasploit Weekly Wrapup: Discover three new modules (LeakIX Search, Linux RC4 payload packer, SPIP Saisies RCE CVE-2025-71243) and the new Metasploit Pro 5.0.0 release.

Rapid7
MetasploitMar 12
Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details https://www.rapid7.com/blog/post/pt-announcing-metasploit-pro-5-penetration-testing-evolving/
The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0

Announcing the long-awaited availability of Metasploit Pro 5.0.0, a fundamentally new approach to red teaming designed with the sole intention of staying ahead of ever increasingly capable threat actors.

Rapid7
MetasploitMar 6
Encoder exposed! 💥 Get the details on the latest Metasploit Framework release: new encoder options for better payload control, fresh RCE exploits (Tactical RMM SSTI, MajorDoMo), and Linux RC4 Packer for in-memory execution. Read the full wrap-up: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-06-2026/ #Metasploit
Metasploit Wrap-Up 03/06/2026

Explore the latest Metasploit Framework release focusing on enhanced payloads, new encoder options, and fresh RCE exploits, including Tactical RMM SSTI and MajorDoMo command injection.

Rapid7
MetasploitFeb 27

Latest Metasploit update is out with unauthenticated RCE for Grandstream GXP1600 VoIP devices, enabling credential harvesting and SIP interception. Also included is critical support for BeyondTrust PRA/RS command injection (CVE-2026-1731), plus a serious Ollama RCE (CVE-2024-37032).

Check out the wrap up at https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-27-2026/

Metasploit Wrap-Up 02/27/2026

Stay ahead of threats with the latest Metasploit Framework release! This update introduces critical exploit modules for Ollama Path Traversal RCE (CVE-2024-37032) and Grandstream GXP1600 RCE (CVE-2026-2329), which also includes post-modules for credential harvesting and SIP interception. Find updated support for BeyondTrust PRA/RS command injection (CVE-2026-1731) and a new ARM64 RC4 Packer for advanced evasion. Plus, benefit from enhancements to classic modules (Unreal IRCd, vsftpd), and key bug fixes for auxiliary scanners (GraphQL, LDAP ESC). Update your framework for the newest penetration testing firepower.

Rapid7
MetasploitFeb 20
This week's release packs a punch with 5 new modules, including unauthenticated RCEs targeting ChurchCRM and the WordPress StoryChief plugin, plus creative persistence methods for Emacs and Windows. Check it out in the weekly wrap up: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-20-2026/
Metasploit Wrap-Up 02/20/2026

Metasploit 6.4.115 brings 5 new modules: unauthenticated RCEs for ChurchCRM (CVE-2025-62521) and WordPress StoryChief (CVE-2025-7441), and creative persistence for Windows & Emacs.

Rapid7