Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.
Rapid7 announced the release of Metasploit 5.0, the new version includes several new important features and, the company believes it will easier to use and more powerful.
Metasploit is the most widely used penetration testing framework and it has more than 1500+ modules that deliver functionalities covering every phase of a penetration test, making the life of a penetration tester comparatively easier.
Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.
Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that Metasploit 5.0 is stable – Linux distributions such as Kali and ParrotSec are shipped with Metasploit.
Metasploit 5.0 Release Notes
Metasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.
The following is a high-level overview of Metasploit 5.0’s features and capabilities.
- Metasploit users can now run the PostgreSQL database by itself as a RESTful service, which allows for multiple Metasploit consoles and external tools to interact with it.
- Parallel processing of the database and regular
msfconsole
operations improves performance by offloading some bulk operations to the database service. - A JSON-RPC API enables users to integrate Metasploit with additional tools and languages.
- This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services here.
- The
metashell
feature allows users to run background sessions and interact with shell sessions without needing to upgrade to a Meterpreter session. - External modules add Metasploit support for Python and Go in addition to Ruby.
- Any module can target multiple hosts by setting RHOSTS to a range of IPs, or by referencing a hosts file with the
file://
option. Metasploit now treats RHOST and RHOSTS as identical options. - An updated search mechanism improves Framework start time and removes database dependency.