This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

The world’s most used penetration testing framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

Star
34,173

Get Metasploit

Open Source

Metasploit
Framework

Download

Latest

Commercial Support

Metasploit
Pro

Download

Latest

Get visibility into your network with Rapid7's InsightVM
30-Day Trial

Compare Features
View More Projects
View All Modules

Latest Metasploit Modules

Title Date Author
Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module Nov 12, 2024 bwatters-r7
Land #19518, Add support for RISC-V 32-bit / 64-bit Little Endian payloads Nov 01, 2024 dwelch-r7
Land #19528, Add Python exec payload Add a python/exec payload to execute OS commands Oct 31, 2024 bwatters-r7
Land #19499, Adds SolarWinds Help Desk Backdoor module This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application. Oct 31, 2024 jheysel-r7
Land #19517, Add WooCommerce SQLi module This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords. Oct 31, 2024 jheysel-r7
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin. Oct 30, 2024 jheysel-r7
Contribute a Module
View All Pull Requests

Latest Pull Requests

Name Labels Author
Update Kerberos enumusers description rn-documentation adfoster-r7
Update README file rn-no-release-notes adfoster-r7
Update README rn-no-release-notes adfoster-r7
Update readme rn-no-release-notes adfoster-r7
Fix Kerberos cache storage exception library , bug , easy , rn-fix adfoster-r7
Fixed spelling errors in command usage easy , rn-no-release-notes dudu7615
Create a Pull Request

Recent Blog Posts

Fri Nov 08 2024

Metasploit Wrap-Up: 11/08/2024

This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. Learn more!...

Fri Nov 01 2024

Metasploit Weekly Wrap-Up 11/01/2024

This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration & DLL Injection....

Fri Oct 25 2024

Metasploit Weekly Wrap-Up 10/25/2024

Headlining the release is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems. Learn more!...

View More Metasploit Blog Posts

Metasploit in Action

Featured Video


View More Metasploit Videos
View All Contributors

Top Contributors

Last 12 Months

All Time

Contribute to Metasploit
View All

Related Products & Projects

InsightVM

Rapid7’s solution for advanced vulnerability management analytics and reporting.

Free Trial

InsightIDR

Rapid7’s incident detection and response solution unifying SIEM, EDR, and UBA capabilities.

Free Trial

Metasploitable

Virtual machines full of intentional security vulnerabilities. Exploit at will!

Download Now