Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Shelby Pace  

Shelby Pace, Security Researcher I at Rapid7, helps contribute to Metasploit Framework by researching vulns, writing modules, and assisting the integration of contributed modules into Framework.

Metasploit Wrap-Up

Five new modules plus fixes and enhancements. Exploits for ManageEngine, rConfig, and SQL Server Reporting Services, among others.…

Metasploit Wrap-Up

BlueKeep is Here The BlueKeep exploit module is now officially a part of Metasploit Framework. This module reached merged status thanks to lots of collaboration between Rapid7 and the MSF community members. The module requires some manual configuration per target, and targets include both virtualized…

Metasploit Wrap-Up

I am Root An exploit module for Nagios XI v5.5.6 was added by community contributor yaumn. This module includes two exploits chained together to achieve code execution with root privileges, and it all happens without authentication. A single unsanitized parameter in magpie_debug.…

Metasploit Wrap-Up

Introducing Metasploit Development Diaries We are happy to introduce a new quarterly series, the Metasploit Development Diaries. The dev diaries walk users and developers through some example exploits and give detailed analysis of how the exploits operate and how Metasploit evaluates vulnerabilities for inclusion in…

Metasploit Wrapup

Backups that Cause Problems hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files,…

Metasploit Wrapup

ssh_enumusers Gets An Update wvu integrated the malformed packet technique into the ssh_enumusers module originally written by kenkeiras. This module allows an attacker to guess the user accounts on an OpenSSH server on versions up to 7.7, allowing the module to work…