Metasploit - Penetration Testing Resources

Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.

Announce 2010-07-15: Metasploit Express 3.4.1 Released

   Metasploit Express, an easy to use penetration testing product based on the Metasploit Framework, is now available for purchase and evaluations. Metasploit Express delivers a full graphical user interface, an advanced penetration testing workflow engine, automated exploitation capabilities, native integration with nmap and Rapid7 NeXpose, complete user action audit logs, and configurable reporting. The 3.4.1 release adds 16 new exploits, an overhauled module browser, island-hopping support, brute force support for FTP and HTTPS, enhanced import and export functionality, and improvements to the online update system, including support for HTTP proxies. The full release notes are online.

Announce 2010-07-12: Metasploit Framework 3.4.1 Released

   Version 3.4.1 of the Metasploit penetration testing framework has been released, adding 16 exploits, 22 auxiliary modules, and 11 meterpreter scripts. All 587 exploit modules have been updated to include the Disclosure Date field. Major features added since 3.4.0 include the RAILGUN meterpreter extension by Patrick HVE and the PHP Meterpreter payload by egypt. The Windows installer now ships with support for PostgreSQL database backends. The full release notes are online.

Announce Metasploit Kung Fu for Enterprise Pen Testing

   This class will show students how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests. Students who complete the course will have a firm understanding of how Metasploit can fit into their penetration testing and day-to-day assessment activities. Please see the course schedule below for a list of upcoming classes.

September 26th to 27th, 2010:Las Vegas, Nevada
October 4th to 12th, 2010:vLive!
December 16th to 17th, 2010:Washington, DC






RSS The Metasploit Blog

Aug-25-2010 - Better, Faster, Stronger: DLLHijackAuditKit v2 (hdm)
Aug-23-2010 - Exploiting DLL Hijacking Flaws (hdm)
Aug-17-2010 - Redesigning the Credential Cracking Strategy (todb)
Aug-02-2010 - Shiny Old VxWorks Vulnerabilities (hdm)
Jul-28-2010 - W3AF: An Open Source Success Story (hdm)
Jul-12-2010 - Metasploit Framework 3.4.1 Released! (egypt)
Jun-14-2010 - Meterpreter for Pwned Home Pages (egypt)
May-27-2010 - It's Ruby all the way down! (jcran)

RSS Metasploit Framework Development

Sep-08-2010 - Bug #2474: Microsoft Windows Authenticated User Co...
Sep-08-2010 - Bug #2474: Microsoft Windows Authenticated User Co...
Sep-08-2010 - Bug #2474: Microsoft Windows Authenticated User Co...
Sep-07-2010 - Feature #2497 (New): SVN update and module managem...
Sep-07-2010 - Feature #527: Add ability for MSFPayload to includ...
Sep-07-2010 - Revision 10253: fix broken ENUM_TLD in auxiliary/g...
Sep-07-2010 - Bug #2481 (Resolved): "O" option no longer works w...
Sep-07-2010 - Revision 10252: fixes #2481, broken thanks to anon...
Sep-07-2010 - Bug #2481: "O" option no longer works with msfpayl...
Sep-06-2010 - Revision 10250: Meterpreter version check, only su...

Copyright © 2003-2010 Rapid7 LLC
Rapid7 Privacy Statement