Happy New Year to the Metasploit community! As we kick off 2019, we're excited to see all the modules, enhancements, and discussions the new year will bring.

Ring In 2019 With SSL

There is a new datastore option courtesy of wvu called CMDSTAGER::SSL. This exposes the ability to enable SSL/TLS command stagers with set cmdstager::ssl true.

Auld Erlang Syne

Good news if you're a fan of the multi/misc/erlang_cookie_rce module: This module now has command stager support thanks to Jacob Robles. This enhancement allows more flexibility in loading and executing payloads when targeting Linux and Windows.

HaXmas Cheer

As in holiday seasons past, Rapid7 published a series of hacker- and research-oriented blogs this year highlighting cool side projects and technical deep dives. The Metasploit team contributed four of these:

The rest of the HaXmas spread features insight from Rapid7 Labs, holiday stories from our pen testing team, and Patch Tuesday data mining from the VM content team, too. See all of the HaXmas fun here.

New Modules

Exploit modules (2 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.