Rapid7 on Friday announced the release of Metasploit 5.0. The latest major version of the popular penetration testing framework introduces several new important features, improved performance, and its developers say it should be easier to use.
According to Rapid7, Metasploit 5.0 brings significant changes in terms of database and automation APIs, improving the way the platform interacts with data and other tools. Metasploit has been using the PostgreSQL database system, but the latest version also allows users to run the database as a RESTful service, enabling interaction with Metasploit consoles and external tools.
There is also a new JSON-RPC API that should make it easier to integrate the framework with new tools and languages. In addition, Metasploit’s own automation protocol is now complemented by a common web service framework for the database and automation APIs.
Another significant improvement in Metasploit 5.0 is related to evasion modules and libraries. Penetration testers can now generate their own evasion modules more easily using the C programming language.
The latest version also enables the execution of an exploit module against multiple targets at a time.
Other improvements include faster and more advanced search functionality for modules, a new metashell feature, and support for three new languages – Go, Python and Ruby – for external modules.
Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that Metasploit 5.0 is stable – Linux distributions such as Kali and ParrotSec are shipped with Metasploit.
“Metasploit 5.0 offers a new data service, introduces fresh evasion capabilities, supports multiple languages, and builds upon the Framework’s ever-growing repository of world-class offensive security content,” wrote Brent Cook, engineering manager for Metasploit at Rapid7. “We’re able to continue innovating and expanding in no small part thanks to the many open source users and developers who make it a priority to share their knowledge with the community. You have our gratitude.”
Related: NSA-Linked Hacking Tools Ported to Metasploit
Related: Rapid7 Adds Hardware Testing Capabilities to Metasploit
Related: Vulnerable Services Emulator Released for Metasploit
Related: New Encrypted Downloader Delivers Metasploit Backdoor