The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an organization's security posture. With this in mind, we are delighted to announce the long awaited availability of Metasploit Pro 5.0.0 – which is not just an update, but a fundamentally new approach to red-teaming, designed with the sole intention of staying ahead of ever-increasingly capable threat actors.
Amongst the multitude of changes, Metasploit 5.0.0 offers an intuitive testing workflow that removes the ever evolving complexity of testing, as well as a suite of powerful new modules and critical enhancements. This is the version you can't afford to miss. For all the technical details, the granular release notes can be viewed here.
So what’s new?
Intuitive testing workflow
Say goodbye to complexity, as Metasploit Pro has completely overhauled the testing workflow. Updates are highlighted by an intuitive user interface, ensuring that your focus remains on high-value penetration testing and vulnerability validation, not fighting the interface. These changes are the foundation for the future, preserving the core functionality you rely on while enabling even more powerful features down the road.
⠀
Stop guessing and start seeing. The new implementation of Network Topology support provides instant, crystal-clear clarity on hosts that have been compromised, have associated cracked credentials, or captured data. For enterprise environments with vast, complex surfaces, we’ve invested in performance improvements, giving you the power to zoom and pan through hundreds of available hosts with zero lag. This is actionable visualization that transforms data into defense.
⠀
Vulnerability detection improvements
Get the necessary assurance before you click 'run.' Metasploit modules can now register crucial vulnerability detection details as part of running. This means that modules capable of running pre-check detection logic give you the full intelligence picture before you attempt exploitation. This new level of transparency and detail empowers you to make smarter, faster decisions, saving you precious time and minimizing the chance of failed module runs and adverse side effects.
⠀
Advanced workflow improvements
Unleash your inner expert with unprecedented control and efficiency. Advanced users of Metasploit Pro will immediately benefit from multiple UX improvements to the single module run page. Tired of manually configuring options? Users now receive intelligent suggestions for applicable values, including network targets, Kerberos credential cache files, and more – streamlining ADCS workflows.
⠀
Furthermore, you now have the ability to manually choose and configure individual payloads, giving you the final word on how you exploit targets. Metasploit Pro will continue to default to the most common payload for each exploit.
Plus, new quality-of-life improvements for replaying module runs ensure that verifying remediation and re-exploiting targets is a seamless, one-click process. Gone are the days of reconfiguring an entire module run to change a single option. The old list view has also been updated to include the ability to view the module option details that a module was run with. These capabilities can additionally be leveraged by advanced users who are interacting with Metasploit Pro in a programmatic fashion or through the command line interface to see exactly how Metasploit Pro is running modules.
⠀
Finally, boost your team's collaboration with the new session tagging feature. Sessions can now be tagged to facilitate advanced and coordinated post-exploitation workflows. Team members can apply instant, custom tags to track status and flag arbitrary qualities, which significantly improves coordination and organization across multi-person engagements.
AD CS exploitation
Tackle one of the most critical attack vectors in modern networks: Metasploit continues its relentless investment in modern exploitation techniques with the groundbreaking updates to the AD CS Workflows Metamodule. This powerful new feature is a significant advancement, providing security professionals with an automated, comprehensive approach to identifying and leveraging nine common AD CS vulnerabilities.
Now we’ve taken it even further, with new support for the latest and most dangerous ESC flaws: ESC9, ESC10, and ESC16. Take back control of your Active Directory environment and neutralize these threats with surgical precision. For detailed configuration instructions and comprehensive feature documentation, visit our AD CS Workflows MetaModule documentation.
⠀
Session tags
In fast-moving operations, context can disappear quickly as new sessions come online and analysts shift between tasks. Session tagging brings clarity back to your workflow by letting you attach meaningful labels to every open session. Instead of relying on IPs or hostnames alone, you can tag sessions with identifiers that matter to your team - such as priority, environment, or role - making it easy to group related systems and instantly recognize high-value targets.
⠀
SAML Single Sign On
Metasploit Pro now incorporates SAML Single Sign-On (SSO) authentication, providing your team with a simple, unified login experience. By connecting to your centralized directory, users can access Metasploit Pro with the same credentials they use for all other major applications. Administrators can easily configure their identity provider (IDP) to enable a passwordless workflow and utilize existing Multi-Factor Authentication (MFA) services, making access quick, consistent, and part of your standard corporate flow.
These features are available in Metasploit Pro 5.0.0 onwards. We’re also proud to collaborate with our customers, who are often the source of inspiration for product evolution. Ideas for improvements or enhancements can be shared with our Support team to help you refine the idea, then submit it to our Product team on your behalf.
Related viewing
Rapid7 Labs launched a podcast today! Episode 1 of 'Hacktics & Telemetry' is now live on Rapid7's YouTube page. Alongside some expert commentary on emergent threats and an exciting guest spot, the final segment is all about Metasploit Pro 5.0.0. Dive into our official companion blog here, and find the full episode embedded below.
⠀
