Rapid7 Blog

Metasploit  

Metasploit Wrapup

'Sploits! Get yer 'sploits heeere! Lots of fresh modules this week with six shiny new exploits to showcase—but first, a blast from the past: 1992 Called Solaris wants to help you get password hashes and they've invented the NIS protocol. The next time you…

Metasploit Wrapup

2018: a new year, new vulns, and endless opportunities to exploit them. The Metasploit community is kicking off the year with a variety of new content, functionality, research, and coordinated vulnerability disclosure. New Year, New Vulns After a couple months of coordinated disclosure work, long-time…

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.…

12 Memorable Metasploit Moments of 2017

This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.…

Regifting Python in Metasploit

Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.…

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…

Metasploit Wrapup

Even with the year winding down to a close, activity around Metasploit has been decidedly “hustle and bustle”. Some cool new things to talk about this week, so sit back and dig in! For Your iOS Only If you’ve been wanting to run Meterpreter…

Metasploit Wrapup

I Read the News Today, Oh Boy As we near the end of the year we must express appreciation for the Metasploit community as a whole. Each contribution is valuable, be it an exploit for the latest vulnerability, documentation, spelling corrections, or anything in between.…

Congrats to the 2017 Community CTF Winners

It’s official: The 2017 Metasploitable3 community CTF has come to a close. Congrats to our winners! Each of the top three teams submitted all 14 flags in under 24 hours. Who needs sleep when you can live on shells? Standing Team First place rot26…

Metasploit Wrapup

Have you ever been on a conference call where you really wished you could take command of the situation? With Metasploit Framework and the new Polycom HDX exploit, you can (if given permission by the owner of the device, that is)! If teleconferencing isn't your…

Metasploit Wrapup

Here in the U.S., we just celebrated Thanksgiving, which involves being thankful, seeing friends and family, and eating entirely too much (I know that last one is not uncommon here). After a large meal and vacation, we figured that it would be a nice,…

Announcing the Metasploitable3 Community CTF

Been waiting for the Linux version of Metasploitable3 to drop? We’ll do you one better: Metasploit is giving the community a week to rain shells on a penguin-shaped Metasploitable3 instance—and to win prizes at the end of it. Play starts December 4; see…

Metasploit Wrapup

This is a time of year when many folks in the U.S. reflect on things in their lives that they are thankful for. There’s also usually a turkey involved, but we figured we’d pardon the bird this wrapup and just focus on…

Metasploit MinRID Option

We’ve added a new option to the smb_lookupsid Metasploit module. You can now specify your starting RID. Wait, What Does This Module Do Again? As a penetration tester, one of the first things I try to do on an internal network is enumerate…

Metasploit Wrapup

Metasploit kicked November off to a roaring start with a wholesome dose of RCE, LPE, command injection, DoS, and more fixes/improvements. So many file choosers…but which one to choose? Big ups to @RootUP for the DoS module targeting a vulnerability in IBM’s…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now