Last updated at Thu, 30 Nov 2023 00:10:34 GMT

Rapid7 and the Metasploit Project are proud to announce version 3.5.1 of the Metasploit Framework!  This minor version release adds 47 new modules, including exploit covereage for recent bugs in the news: Exim4, Internet Explorer, and ProFTPd.  Java payloads have seen significant improvement and java_signed_applet can now use them for complete cross-platform no-exploit-required pwnage.  Eight new meterpreter scripts were added, including smartlocker and schelevator, an exploit for the 0-day privilege escalation used by stuxnet.  Meterpreter itself now has support for remotely turning on and recording from webcams and microphones, completely in memory.  You can now export stolen hashes in John the Ripper and pwdump formats, facilitating cracking with standard tools.  PCAP support has been added to db_import allowing you to pull in hosts and services without sending a single packet.

Development continues at break-neck speed with around 45 tickets closed since the last release.  This graph, from, summarizes the framework's increased pace quite well.

For this release, we've added a Linux installer that bundles Java and PostgreSQL.  Now you can run msfgui and use a database connection out of the box with zero configuration on Linux and Windows.  The new installers use a gui to ask you where to install, so for headless installations you can run them with "--mode text" to keep everything in a shell, or just accept all of the defaults with "--mode unattended".

For more details, see the full 3.5.1 release notes.  As always, the latest version is available from the Metasploit download page.