Metasploit Project
@metasploit
Official account of the Metasploit Project, part of the @rapid7 family. Mastodon: @[email protected] Slack: http://metasploit.com/slack
Metasploit Framework 6.4 is out now! 🆕🎉 Features include: 🔹More Kerberos goodness, like support for diamond and sapphire tickets and extract tickets from compromised Windows hosts to leverage unconstrained delegation 🔹DNS configuration 1/4
Happy Friday, folks! Five new modules in this week's wrap-up. Three of them are for Xorcom CompletePBX. Get it here: rapid7.com/blog/post/meta…
Hey everyone, poll time again: Why AREN'T you using Metasploit?
This week's wrap-up features a *new* Arm64 Windows payload, PandoraFMS Authenticated RCE, and a GraphQL Introspection Scanner. rapid7.com/blog/post/meta…
New Skyvern RCE in the wrap-up this week. Get it here: rapid7.com/blog/post/meta…
Hey friends, it's that time again. As a Metasploit user, how would you describe yourself? Add comments if you want to explain!
Framework offering even faster boot time this week. Get the wrap-up here: rapid7.com/blog/post/meta…
Five new modules in this release, including content for ThinManager, Remote for Mac, Roundcube and more. rapid7.com/blog/post/meta…
This week's wrap-up features support for the SOCKS5H protocol, some additional SOCKS lore, and modules for WordPress Depicter Plugin and Gladinet CentreStack/Triofox. rapid7.com/blog/post/2025…
This week we've increased our boot and startup times :D and now have native support for getting TGS, as well as exploit modules for Ivanti Connect Secure, Clinic's Patient Management System, Invision Community, Nextcloud Workflows, and Samsung MagicINFO 9 Server.…
New toys and techniques this week: OPNSense login scanner, Sante PACS Server Path Traversal, SMB to HTTP relay version of Get NAA Creds, and Erlang OTP Pre-Auth RCE Scanner and Exploit! rapid7.com/blog/post/2025…
In another great body of research from @the_emmons, this disclosure chains 3 new vulns in SonicWall's SMA 100 appliances to go from a low privileged account to full RCE as root!! Awesome work as always 🔥🔥🔥
Great work from @the_emmons on these! And our sincere thanks to SonicWall's PSIRT once again for their exceptionally speedy and helpful response 🙌 rapid7.com/blog/post/2025…
This week we've released a patch for a vulnerability disclosed to us by a longtime community member. A heartfelt thanks to the folks who spend their time on this journey with us. We've also got LAPS support for LDAP module, and an RCE for WonderCMS. Get it here:…
Rapid7 MDR has observed exploitation of SAP NetWeaver Visual Composer CVE-2025-31324 in multiple customer environments dating back to at least late March. Observations and guidance here: rapid7.com/blog/post/2025…