Rapid7, the Boston-based cybersecurity company, has released Metasploit 5.0, the first major release of the popular penetration testing framework since 2011.
Metasploit – which shares a market with Kali Linux, Nessus, TestRail and w3af – is used by security researchers to probe the defences of organisations for vulnerabilities.
It is in widespread use by white hat hackers, red teamers and troublemakers of various shades as a powerful tool with which to write, test, and execute exploit code.
(A 2018 report by the company found that 32 percent of organisations were running internal penetration tests in 2018, up from 21 percent in 2017.)
Here’s what’s new in Metasploit 5.0
The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.
Among the release’s new gambits: support for modules written in three languages (Go, Python, and Ruby) rather than just Ruby, the language in which the framework was built, plus new database and automation APIs that allow external tools to interact with it.
Any module can also now target multiple hosts by setting RHOSTS to a range of IPs, or by referencing a hosts file with the file:// option.
Metasploit users can now run the PostgreSQL database by itself as a RESTful service, which allows for multiple Metasploit consoles and external tools to interact with it.
The release (full release notes here) is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that ship distributions with Metasploit bundled in that 5.0 is stable.
Announcing the release, Brent Cook, engineering manager for Metasploit at Rapid7, wrote: “Metasploit 5.0 offers a new data service, introduces fresh evasion capabilities, supports multiple languages, and builds upon the Framework’s ever-growing repository of world-class offensive security content.”
He added: “We’re able to continue innovating and expanding in no small part thanks to the many open source users and developers who make it a priority to share their knowledge with the community. You have our gratitude.”