Over the last two months the Rapid7 team has been hard at work rewiring the database and session management components of the Metasploit Framework, Metasploit Express, and Metasploit Pro products. These changes make the Metasploit platform faster, more reliable, and able to scale to hundreds of concurrent sessions and thousands of target hosts. We are excited to announce the immediate availability of version 3.7 of Metasploit Pro and Metasploit Express!

Existing customers can apply the latest software update to automatically upgrade to version 3.7 or download the latest installer from Rapid7.com. For information about the Open Source Metasploit Framework, please see this blog post.

Metasploit Pro and Metasploit Express users will notice an immediate improvement in product response time. Customers with large enterprise networks will be happy to note that the commercial product can easily scale to thousands of hosts within a single project. The Data Import backend has undergone a rewrite, speeding up most import tasks by a factor of four. Metasploit Pro users will note that shell sessions can now be accessed by multiple users at a time. This allows an entire team to collaborate on the post-exploitation process and can be used as a training aid for junior analysts.

In addition to the scalability and performance improvements in this release, the Metasploit team (Rapid7 and Community) added 67 new modules, consisting of 35 exploits, 17 post-exploitation modules, and 15 auxiliary modules.  This release adds full support for SMB Signing (courtesy Alexandre Maloteaux), which allows for exploitation of Windows systems that enforce a mandatory-signing policy (2008 Server). The MySQL and PostgreSQL databases will now yield sessions when a password is succesfully cracked or replayed with Bruteforce. The Microsoft SQL Server modules now support NTLM authentication. Please see the Release Notes for a complete list of changes.

The screen shots below showcase some of the improvements in this release.