
The world’s most used penetration testing framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Get Metasploit

Open Source




Commercial Support




Get visibility into your network with Rapid7's InsightVM
30-Day Trial

View All Modules

Latest Metasploit Modules

| Title | Date | Author |
| --- | --- | --- |
| Land #19255, Add SolarWinds Serv-U aux module: This module exploits an unauthenticated file read vulnerability, due to directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the vendor supplied hotfix "15.4.2 Hotfix 2" (version are affected. | Jun 19, 2024 | jheysel-r7 |
| Land #19176, Add missing Arch parameter: Adding Arch parameter to dnn_cookie_deserialization_rce module | Jun 18, 2024 | smcintyre-r7 |
| Land #19253, Corrected a mistaken CVE: Corrected a mistaken CVE-ID in exploit references. | Jun 18, 2024 | smcintyre-r7 |
| Land #18829, Allow multiple HttpServers in module: Adding multiple HttpServer services in a module is sometimes complex since they share the same methods. This usually causes issues where on_request_uri needs to be overridden to handle requests coming from each service. This updates the cmdstager and the Java HTTP ClassLoader mixins, since these are commonly used in the same module. This also updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module to make use of these new changes. | Jun 18, 2024 | jheysel-r7 |
| Land #19247, PHP CGI Arg injection RCE: XAMPP installs running on Windows systems configured to use Japanese or Chinese (simplified or traditional) locales are vulnerable to a PHP CGI argument injection vulnerability. This exploit module returns a session running in the context of the Administrator user. | Jun 17, 2024 | jheysel-r7 |
| Land #19249, Apache OFBiz Directory Traversal RCE: Apache OFBiz Directory Traversal RCE [CVE-2024-32113] | Jun 17, 2024 | smcintyre-r7 |

Contribute a Module

Recent Blog Posts

Fri Jun 21 2024

Metasploit Weekly Wrap-Up 06/21/2024

This week includes modules that target file traversal & arbitrary file read vulnerabilities for software such as Apache, SolarWinds, & Check Point....

Fri Jun 14 2024

Metasploit Weekly Wrap-Up 06/14/2024

This week's Metasploit Weekly Wrap-Up includes 5 new module contents, 4 enhancements and features, and some bug fixes. Learn more about the updates....

Fri Jun 07 2024

Metasploit Weekly Wrap-Up 06/07/2024

This release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, & Shell Reverse TCP....

View More Metasploit Blog Posts


Related Products & Projects


Rapid7’s solution for advanced vulnerability management analytics and reporting.

Free Trial


Rapid7’s incident detection and response solution unifying SIEM, EDR, and UBA capabilities.

Free Trial


Virtual machines full of intentional security vulnerabilities. Exploit at will!

Download Now