June 19, 2021

Metasploit 4.0 Released With 20 New Exploits

(LiveHacking.Com) – The first iteration of the 3.x series of Metasploit was released five years ago. Now after uncountable hours of coding and testing, the Metasploit Framework 4.0 has been released. This new release ships with 716 exploit modules, 361 auxiliary modules, and 68 post modules. As well as 20 new exploits, 3 new auxiliary modules, and 14 new post modules since V3.7.2.

Metasploit Framework 4.0 comes with an abundance of new features and bug fixes. There are 14 new post modules including new password-stealing post modules. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over http and Windows can use https.

Six of the twenty new exploits came via the recent Exploit Bounty where contributors were paid $500 or $1000 (in the form of American Express gift cards) for creating any exploit module for an item from Metasploit’s top 5 or top 25 exploit lists.

Also new in V4.0 is a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

Metasploit 4 is available to download from the project’s site where you can also find update instructions. Full details of this release can be found in the Release Notes.