This week's update features a great big pile of Java source code, a makeover for a perennial favorite feature, and a handful of new exploits. Read on, or just skip all the yadda yadda and download Metasploit here.
This week's biggest change in terms of LOC (lines of code) is the inclusion of the Armitage source code, in external/source/armitage. For a while now, we've been distributing Raphael Mudge's Armitage front-end for the Metasploit Framework, but the source has been over in code.google.com; that makes for a disconnected experience for developers who might want to fix up Armitage bugs or experiment with new functionality. Now that we've got the source in the Metasploit distribution proper, that should make life easier for everyone. You can read lots more about Armitage at Raphael's site, fastandeasyhacking.com.
James "egypt" Lee pulled in Alex Malateaux's update for Psnuffle this week as well, so now pnsuffle can eavesdrop on NTLMv2 connections and store those credentials away for later reuse. This update triggered a code cleanup on the rest of psnuffle in general, which brings a couple of heaping handfuls of small bugfixes. For some background on what all psnuffle can do in terms of credential eavesdropping, check the video demo from Max Moser.
Only four new modules this week, but the PHP module by HD Moore and egypt is kind of a big deal. If you run a PHP-powered site, you might want to check this right away.
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
For additional details on what's changed and what's current, please see the most excellent release notes.