Metasploit Project
@metasploit
Followers
251,519
Following
189
Media
120
Statuses
2,504
Official account of the Metasploit Project, part of the @rapid7 family. Mastodon: @metasploit @infosec .exchange Slack:
Distributed
Joined January 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Ireland
• 275021 Tweets
Norway
• 230051 Tweets
Spain
• 189829 Tweets
WIN AT MU PHILIPPINES
• 45174 Tweets
#MUPH2024xWIN
• 41106 Tweets
#MissUniversePhilippines2024
• 40215 Tweets
ソフトバンク
• 37250 Tweets
Irlanda
• 33246 Tweets
Noruega
• 31125 Tweets
KATY PERRY IS COMING
• 22640 Tweets
مورينهو
• 18108 Tweets
Paula Vennells
• 17993 Tweets
たまちゃん
• 17614 Tweets
$PIKA
• 17459 Tweets
ホークス
• 16614 Tweets
#With蓮ノ空
• 14608 Tweets
ストライク
• 12654 Tweets
Pikamoon
• 12347 Tweets
#特捜9
• 11584 Tweets
Pinned Tweet
Metasploit Framework 6.4 is out now! 🆕🎉
Features include:
🔹More Kerberos goodness, like support for diamond and sapphire tickets and extract tickets from compromised windows hosts to leverage unconstrained delegation
🔹DNS configuration 1/4
2
87
241
Today we released a community-developed exploit module PR for
#BlueKeep
(CVE-2019-0708). We expect to continue refining the exploit over time in collaboration with contributors. Some important notes on exploitation and detection from
@busterbcook
:
20
889
1K
Metasploit Framework 6.3 is out now🎉
New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
17
263
810
Today we're excited to announce active development of Metasploit Framework 6. Initial MSF 6 features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine.
10
266
646
Two targets. Three days. 1,000 teams. Announcing the 2018 Metasploit community CTF: Registration opens Nov. 12, play starts Nov. 30. Get it.
3
249
388
Registration for the 2020 Metasploit community CTF is now open. 1,000 teams, four days to find flags, unlimited shells. Play starts January 30. NOTE: Teams only need to register ONE account. Get it:
#metasploitctf
17
236
375
We have a new YouTube channel! We'll be publishing ~biweekly demos of new stuff in Metasploit Framework here
6
212
358
Metasploit module for Samba CVE-2017-7494 just landed. Any writable share (auth or not) is RCE. Thanks
@hdmoore
and everyone who helped test
4
372
359
Tip: Stop setting RHOSTS for each of your modules and instead set it globally with 'setg RHOSTS x.x.x.x'. Use the 'tips' command in
#Metasploit
for more suggestions.
4
99
352
Encapsulating antivirus evasion techniques in Metasploit Framework: New research from
@_sinn3r
, a new module type in MSF 5, and a framework for developers to build their own evasion modules.
4
179
309
Cheers to
@HackingDave
and the whole
@DerbyCon
community for hosting (and heckling) the Metasploit Town Hall for the past five years. Thanks for all the shells!
5
70
310
New Metasploit research from
@_surefire_
and
@jhartftw
: A practical exploitation guide for Java serialization vulnerabilities. MSF now includes native support for building Java deserialization payloads with
@frohoff
's ysoserial.
2
156
285
Registration for the 2018 Metasploit community CTF is now open: . Help us keep the game accessible to as many folks as possible by only registering ONE account per team (share creds, friends). Full rules and prizes here:
6
191
276
Metasploit shellcode grows up: Introducing encrypted and authenticated C shells in MSF 5 New payloads c/o
@SpaceySpacek
3
133
264
We released Metasploit Framework 5.0 last month. Support for Python and Go, database and automation APIs, evasion modules, and new usability improvements—see what's new:
4
123
255
Last year,
@wvuuuuuuuuuuuuu
researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:
1
118
244
Psssst!
@RealTryHackMe
's Advent of Cyber Challenge begins today! Metasploit has teamed up with the THM elves for some holiday fun on Friday, December 9th! Let the cyber challenges & cheer begin!
0
42
233
We're happy to announce another
#Metasploit
community CTF coming your way December 4! We developed this year's game to be accessible to beginners who want to connect with the community. Teams of all sizes are encouraged—registration opens 11/30.
5
91
227
The latest POSIX Meterpreter supports webcam snapshots on Linux.
9
93
216
"Metasploit is built on the premise that security professionals need to have the same tools that attackers do" -
3
107
204
The Metasploit research team noticed an uptick in Java deserialization CVEs and a recent rise in exploit modules for JSO-related vulns. We were intrigued—so we added ysoserial support to MSF and wrote a practical JSO exploitation guide.
1
89
209
Want to learn Metasploit but don't have vulnerable servers to play with? Check out our new open source vuln emulator
3
155
203
Thanks for trusting us,
@zerosum0x0
. We're digging into it and will keep the code private to the core MSF team until we think it’s ready for the Framework PR queue.
0
66
198
Howdy, folks. We'll be hosting another community CTF at the end of January. Stay tuned for a registration announcement next week.
#metasploitctf
3
78
189
Metasploit 6.3.18 has added support for Active Directory Certificate Services ESC4 exploitation, as well as a new sudoedit extra arguments privilege escalation module
0
40
189
Introducing AttackerKB: A new community resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
4
93
189
This week's wrap up includes 10 new modules with OS X M1/M2 payloads, a Citrix RCE, and AWS Instance sessions
1
43
178
Our research team has been analyzing vulns and exploitable conditions for more than a decade and documenting the process of turning PoC and PRs into modules. It's time those notes left
@_sinn3r
's computer. Introducing the Metasploit Development Diaries:
1
84
166
Landed. Thanks to the giant group of community testers and code reviewers, and to
@JaGoTu
and
@zerosum0x0
for the excellent contribution.
1
76
166
Code execution, command injection, and privilege escalation...OH MY!! Our new weekly from
@pearce_barry
wrap-up has it all! 🦁🐯🐻
3
54
163
Open source command and control of the DOUBLEPULSAR implant: New research from
@wvuuuuuuuuuuuuu
and
@shellfail
details a path to RCE on the backdoor widely attributed to the NSA
0
91
156
Hiding Metasploit shellcode to evade Windows Defender—last month's update from
@_sinn3r
on improving payload evasion.
1
97
153
Save time typing in msfconsole with the alias plugin:
1
97
147
Headed to
#DEFCON26
? Find us and the rest of the
@Rapid7
family in the vendor hall selling limited edition
#Metasploit0xf
Anniversary Tour shirts to benefit
@EFF
. Get it.
10
29
143
now has more info and focus on the open source community. Check it out for all your Metasploit needs.
7
89
140
Eternalblue module landed on Metasploit's master branch thanks to great work by
@zerosum0x0
&
@JennaMagius
! x64 only for now, more coming
2
111
141
We added initial support for GoLang in Metasploit last month. Pumped? Here's how to write an external GO module.
6
61
136
ICYMI Metasploit's auxiliary/scanner/smb/smb_ms17_010 can detect both
#EternalBlue
vuln and
#DoublePulsar
backdoor
0
118
136
Want to rain shells on the Linux version of Metasploitable3...and win prizes? Come play with us. Announcing the Metasploit community CTF!
0
83
133
See no evil, speak no evil: Introducing pingback payloads in MSF 5
1
75
137
Weekly wrap-up via
@n00tmeg
: Metasploit now captures NTLM hashes from any recent Windows release using SMBv2 and SMBv3, even with encrypted SMB traffic. Plus,
@chompie1337
's eBPF exploit lands, along with modules for Git LFS and Geutebruck IP cameras 👯
2
44
132
#Metasploit
wrap-up via
@tychos_moose
: Seven new modules, including two Windows 10 UAC bypasses and an evasion module. We also fixed that pesky digital signing issue.
0
44
124
13 new modules this week with plenty of RCE! Plus, C randomization for all your evasion needs. See what landed in the Metasploit weekly wrap-up:
0
63
126
Game on, CTF players! An important PSA: Reverting boxes takes a long time, so it's wise to not revert unless you have to. Good luck.
2
42
129
Announcing beta sign-up for AttackerKB: a new resource to highlight hacker community knowledge on which vulns matter most—and why.
2
61
122
It's our birthday, and we want all the shells: New wrap-up featuring SOCKS5 improvements, a fresh Impacket-based module, MultiDrop mania, and the ability to put Meterpreter on 64-bit iOS devices (<= 9.3.4) thanks to Trident and contributor
@timwr
.
5
55
119
Direct link to
@_sinn3r
's research on antivirus evasion techniques in Metasploit Framework:
Source code for two new evasion modules in MSF 5:
0
56
115
Announcing Metasploit 6.2! Highlights include a new global network capture plugin, SMB 1/2/3 server support, user-contributable docs, support for debugging Meterpreter sessions, local exploit suggester improvements, and more! 🔥🔥🔥🔥🔥🔥.🔥🔥
34
45
116
Fresh from
@_sinn3r
: A primer and technical tutorial on heap overflow exploitation on Windows 10
1
65
116
This week's wrap-up is 🔥🔥 with a Spring4Shell RCE, a Cisco RCE, an F5 Big-IP RCE auth bypass, a Powershell Command Adapter & more 😤😤
1
27
116
We've seen a few more PRs exploiting (de)serialization vulnerabilities over the past few weeks. Check out
@_surefire_
's research-slash-guide on Java serialization exploits here:
1
46
110
This week's wrap-up includes 4 new exploit modules and a handful of bug fixes
1
42
107
Demo from
@_sinn3r
on using Metasploit Framework's new evasion module type to create a payload that evades Windows Defender:
2
55
104
Announcing the 2021 Metasploit community CTF: Registration opens Nov. 22, game play begins Dec. 3. Teams welcome and encouraged as always— thanks to
@RealTryHackMe
and
@ctfdio
for supporting this year's game.
0
45
103
Pre-registration for the 2021 Metasploit community CTF is now open. Competition details here: . Join the Metasploit Slack team to find teammates or talk to the community. Thanks to
@realtryhackme
and
@ctfdio
for supporting this year's game!
1
39
100
We owe you a debt,
@hdmoore
. From the whole Metasploit family, godspeed and thanks for all the shells.
2
22
96
That's a wrap on the 2020 Metasploit community CTF. Congrats to winners pepega, excusemewtf, and exit, and cheers to everyone on a well-played game! Big thanks to
@ctfdio
and
@hackthebox_eu
for powering the game and supplying sweet prizes.
3
19
97
ICYMI: We introduced evasion modules to Metasploit Framework this week. Generate evasive payloads without installing external tools, benefit from
@_sinn3r
's AV evasion research, and write your own evasion modules.
0
45
90
190 unique authors contributed code to Metasploit in 2016. Thank you all
0
38
90
Weekly wrap-up: Rising tide lifts all privs, Oracle-foretold RCE, and two new MS17-010 exploit modules that work against any version of Windows thanks to contributor
@zerosum0x0
6
43
88
The Metasploit Development Diaries: From 0day to foreverday, here's how our research team analyzes vulnerabilities for potential inclusion in Framework. Technical analysis by
@_sinn3r
.
0
48
88
New privilege escalation and command injection exploits, plus a SOCKS5 demo and a Mettle extension that plays sounds on a victim host. This week's Metasploit wrap-up c/o
@3ss_G33
:
0
61
82
Find yourself typing the same stuff in msfconsole repeatedly? Put cmds in a file under ~/.msf4/scripts/resource/. Run with resource command
2
51
84
Dear diary:
I wish I may, I wish I might
Find a sweet 0day tonight.
But if that 0day don't play nice
Foreverday will sure suffice.
<3 Metasploit
1
28
87
CTF registration opens tomorrow at noon EST. Teams are allowed; only one registration is needed per team.
0
41
81
Weekly wrap-up via
@wvuuuuuuuuuuuuu
: Improved BlueKeep exploit reliability c/o
@zerosum0x0
, two new Pulse Secure VPN modules, and a password cracking overhaul that adds support for hashcat.
2
43
83
Happy 2019: Metasploit dev
@wvuuuuuuuuuuuuu
has a deep dive on developing exploits for three vulns leveraged by the Morris Worm—which, as players may remember, was the inspiration for his Cuckoo's Egg-themed CTF challenge this past year.
0
37
86
"The Cisco ASA 5505 as a Stepping Stone Into Embedded Reverse Engineering" by the awesome
@iamwilliamwebb
0
59
80
Last week's wrap-up via
@HacksForProfit
: Three new exploits for JIRA, Git, and Cisco Prime Infrastructure, plus an O365 user enumeration module—in Python, no less. May your Thanksgiving be full of shells.
0
40
77
A new twist to the
#MetasploitCTF
this year: The higher the port number, the harder the challenge. Want easier challenges? Start looking at services on lower-numbered ports. Game play starts Friday!
5
27
84
Weekly wrap-up: An exploit module for
@taviso
's Ghostscript -dsafer bypass and more payload documentation, plus updates on external module support and Metasploit's remote data service.
0
37
82
2019
#Metasploit
Framework wrap-up: Two new payload types, six pieces of research, a password-cracking overhaul,
#BlueKeep
mania. Plus, our list of MVP module contributions, from VPN and deserialization exploits to some neat persistence content. Cheers!
0
33
79
Ignore the internet today and look at ponies in Metasploit instead.
2
16
80
@busterbcook
Huge thanks to PoC developers
@zerosum0x0
and
@ryhanson
, and to
@TomSellers
,
@TheColonial
,
@zeroSteiner
,
@rickoates
,
@wvuuuuuuuuuuuuu
,
@_sinn3r
, and
@tychos_moose
, all of whose work was key in both exploit development + enhancements that will serve MSF users well beyond BlueKeep.
2
17
82
Look ma, no msfconsole: an update on Metasploit's work to support external modules—featuring Python, Impacket, Teradata, and more.
0
35
80
ICYMI: There's now a quick-start set-up option for Metasploitable3 that gets you up and running in minutes, thanks to pre-built Vagrant boxes for VMware and Virtualbox.
1
42
79
Weekly
#Metasploit
wrap-up's out c/o Chris Granleese: Two new modules, including an exploit for
#PrintNightmare
CVE-2021-34527🐚
1
28
76
Want to help us build Metasploit 6? We're hiring a new team of software engineers in Rapid7's
#Belfast
, UK office to help shape the future of Framework. Local to Belfast and passionate about open-source? Apply here:
2
34
74
Want to contribute to Metasploit but don't know where to start? Our issue queue is full of bugs to squash and features to work on:
2
33
71
Metasploit weekly wrap-up: Two new Linux exploit modules, an ssh_enumusers update that lets attackers guess user accounts on more versions of OpenSSH, and some neat improvements. Plus, thanks to all our awesome GSoC students!
2
41
72
We've posted the demo that
@zerosteiner
gave at Black Hat Arsenal 2023 about some of the new AD stuff from 6.3!
It includes:
LDAP Enumeration
Kerberos Authentication
Kerberos Ticket Forging
Kerberos Debugging
ADCS
0
32
77
Weekly wrap-up via
@errancarey
: Metasploit users can now make HTTPS requests over pivoted sessions, thanks to new support for negotiating SSL connections over multiple connection types, including Meterpreter and SSH. Plus, *28* new post modules! 😱
3
29
74
Fresh module based on research from
@wvuuuuuuuuuuuuu
gets RCE and executes a
#Metasploit
payload against the Equation Group's DOUBLEPULSAR implant for SMB.
1
34
73
We do enjoy stickers.
0
7
73
Last week's Metasploit wrap-up: Linux privilege escalation, a sweet Mimikatz Kiwi plugin update, some bad French, and your last chance to give us input on what you want to do with Metasploit data
1
34
71
Weekly wrap-up via Alan Foster: Four new modules, including LPEs for Microsoft Azure OMI CVE-2021-38648 and Win32k CVE-2021-40449, plus named pipe pivoting fixes and enhancements.
1
26
71
For the past 18 months, Metasploit's core engineering team in Belfast has been working on improving the overall user experience in Framework. We've completely overhauled option support to allow for easier URI targeting and streamlined workflows.
2
23
68
Different place, same hacks:
22
18
70