View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 14, 2019

Metasploit 5.0: What’s New?

32 percent of organisations were running internal pen tests in 2018

By CBR Staff Writer

Rapid7, the Boston-based cybersecurity company, has released Metasploit 5.0, the first major release of the popular penetration testing framework since 2011.

Metasploit – which shares a market with Kali Linux, Nessus, Testrail and W3aF – is used by security researchers to probe the defences of organisations for vulnerabilities.

It is in widespread use by white hat hackers, red teamers and troublemakers of various shades as a powerful tool with which to write, test, and execute exploit code.

(A 2018 report by the company found that 32 percent of organisations in 2018 were running internal penetration tests, up from 21 percent in 2017).

Here’s what’s new in Metasploit 5.0

The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.

Among the release’s new gambits: support for three different module languages: Go, Python, and Ruby, rather than just the latter – in which it was built – and new database and automation APIs that allow external tools to interact with it.

Any module can also now target multiple hosts by setting RHOSTS to a range of IPs, or by referencing a hosts file with the file:// option.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Metasploit users can now run the PostgreSQL database by itself as a RESTful service, which allows for multiple Metasploit consoles and external tools to interact with it.

The release (full release notes here) is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that ship distributions with Metasploit bundled in that 5.0 is stable.

Announcing the release, Brent Cook, engineering manager for Metasploit at Rapid7 wrote: “Metasploit 5.0 offers a new data service, introduces fresh evasion capabilities, supports multiple languages, and builds upon the Framework’s ever-growing repository of world-class offensive security content.”

He added: “We’re able to continue innovating and expanding in no small part thanks to the many open source users and developers who make it a priority to share their knowledge with the community. You have our gratitude.”

See also: The 5 Most Commonly Used Hacking Tools – and How to Defend Against Them


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.