Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Metasploit 5.0 released!

Save for later
  • 3 min read
  • 14 Jan 2019

article-image

Last week, the Metasploit team announced the release of its fifth version, Metasploit 5.0. This latest update introduces multiple new features including Metasploit’s new database and automation APIs, evasion modules and libraries, expanded language support, improved performance, and more.

Metasploit 5.0 includes support for three different module languages; Go, Python, and Ruby.

What’s New in Metasploit 5.0?

Database as a RESTful service


The latest Metasploit 5.0 now adds the ability to run the database by itself as a RESTful service on top of the existing PostgreSQL database backend from the 4.x versions. With this, multiple Metasploit consoles can easily interact. This change also offloads some bulk operations to the database service, which improves performance by allowing parallel processing of the database and regular msfconsole operations.

New JSON-RPC API


This new API will be beneficial for users who want to integrate Metasploit with new tools and languages. Till now, Metasploit supported automation via its own unique network protocol, which made it difficult to test or debug using standard tools like ‘curl’.

A new common web service framework


Metasploit 5.0 also adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations and paves the way for future services.

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at R$50/month. Cancel anytime

New evasion modules and libraries


The Metasploit team announced a new evasion module type in Metasploit along with a couple of example modules in 2008. Using these module types, users can easily develop their own evasions and also add a set of convenient libraries that developers can use to add new on-the-fly mutations to payloads. A recent module uses these evasion libraries to generate unique persistent services. With Metasploit 5.0’s generation libraries, users can now write shellcode in C.

Execution of an exploit module


The ability to execute an exploit module against more than one target at a given point of time was a long-requested feature. Usage of the exploit module was limited to only one host at a time, which means any attempt at mass exploitation required writing a script or manual interaction. With Metasploit 5.0, any module can now target multiple hosts in the same way by setting RHOSTS to a range of IPs or referencing a hosts file with the file:// option.

Improved search mechanism


With a new improved search mechanism, Metasploit’s slow search has been upgraded and it now starts much faster out of the box. This means that searching for modules is always fast, regardless of how you use Metasploit. In addition, modules have gained a lot of new metadata capabilities.

New metashell feature


The new metashell feature allows users to background sessions with the background command, upload/download files, or even run resource scripts, all without needing to upgrade to a Meterpreter session first.

As backward compatibility, Metasploit 5.0 still supports running with just a local database, or with no database at all. It also supports the original MessagePack-based RPC protocol.

To know more about this news in detail, read its release notes on GitHub.

Weaponizing PowerShell with Metasploit and how to defend against PowerShell attacks [Tutorial]

Pentest tool in focus: Metasploit

Getting Started with Metasploitable2 and Kali Linux