Last updated at Thu, 19 Dec 2019 21:58:48 GMT

It’s beginning to look a lot like HaXmas, everywhere you go! We have a great selection of gift-wrapped modules this holiday season, sure to have you entertained from one to eight nights, depending on your preference! On a personal note, we here at the Metasploit workshop would like to welcome our newest elf, Spencer McIntyre. Spencer has been a long-time contributor to the project, and we’re thrilled to have him on the team!

In the spirit of giving, space-r7 has provided you the opportunity to give the gift of an XML payload to a deserving Rest API endpoint on OpenMRS, an open-source medical record software system.

Phra got even more personal this year, allowing you to inject a gift of shellcode directly into the memory of a running process in Windows. Teamed with donut, you could spend the entire holiday season in the giving spirit!

If you are looking to feel this spirit on a more permanent basis, look no further than Michael Long’s Bash Profile Persistence Module.

If you are looking to level up this holiday season, try bundling a few CVE’s to stuff containers and elevate with the Comahawk escalation module for Windows, written by tychos_moose.

And finally, possibly the most giving of all, Kenneth LaCroix has channeled his inner Ruby-Nosed-Reindeer to guide us with documentation!

New modules

Enhancements and features

Bugs fixed

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from

We recently announced the release of Metasploit 5. You can get it by cloning
the Metasploit Framework repo (master branch). To install fresh without using git,
you can use the open-source-only Nightly Installers or the binary installers
(which also include the commercial editions).