Upgrade Your SOCKS

Thanks to zeroSteiner, we have some very nice additions to the SOCKS5 library this week. His changes enabled BIND connections through the SOCKS5 proxy, improved automated testing around the code, and broke it up into more manageable, targeted submodules. Now that Trevor’s dying wish has been fulfilled, the team can finally leave this room.

Docs with Swagger

Have you heard about the REST API that is being actively developed for Metasploit Framework? Well if you haven’t, it’s a new feature that allows you to interact with the database using JSON over HTTP, and now is the perfect time to learn more. The API endpoints are now fully documented and full of Swagger. You’ll find more information on how to configure the remote data service and access these fancy new docs here.

Helping the Community Rocks

Twitter user @omespino tweeted a nice, concise shell command for finding all Metasploit modules that target a specific known port. Auxilus saw this tweet and realized this functionality already existed in Framework, but it wasn’t documented correctly. Within hours he put up a PR to fix the doc problem and landed it shortly after. Talk about collaboration!

New Modules

Exploit modules (1 new)

Auxiliary and post modules (1 new)

Improvements

wvu-r7 added the ability to tab complete LHOST with your available interface names or IPv6 address.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.