Gopher It!

If you are tired of all the snake memes and images we pushed out as we stood up support for python external modules over the last year or so, I have terrific news for you! This is not a snake-themed wrapup. Instead, this is a new, shiny, gopher-themed wrapup to celebrate the first three Metasploit modules written in the Go programming language. These new aux modules implement similar functionality to others already in Metasploit: enumerating users and password spraying on Office 365 and Exchange services. But they are a first foray in exposing the speed and scalability possible with Go, making these some of the fastest scanners that Metasploit has today. That's right, Metasploit is turning into a regular polyglot at the ripe old age of 16! (don't worry, we are well aware of possible issues if the python modules ever met the gopher modules; as they are both external modules, the gophers and the pythons will not meet within Metasploit).

Putting a Bow on the Community CTF

Courtesy of offensive security community manager Caitlin Condon, we have a summary of the recent Metasploit Community CTF written up here. Contents include leaderboard positions, stats of interest, and links to community-provided write-ups for catching different flags!

Improvements

Our contributors and team members both found some bugs digging around the Metasploit tunnels this time around. Some of those tasty bugs were minor like rooting out some spaces in correcting for msftidy or jrobles-r7's update message. Others are a bit more exposed to the light of day, like bcook-r7's improve fingerprinting for Cisco ASA VPN scanner that fixes some issues where the Cisco ASAs would not redirect, as the original code expected. Other improvements include Green-m's fix enabling tab completion when using the alias command.

New Modules

Exploit modules (2 new)

Auxiliary and post modules (4 new)

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers, which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.