Rapid7 on Friday announced the release of Metasploit 5.0. The latest major version of the popular penetration testing framework introduces several new important features, improved performance, and its developers say it should be easier to use.
According to Rapid7, Metasploit 5.0 brings significant changes in terms of database and automation APIs, improving the way the platform interacts with data and other tools. Metasploit has been using the PostgreSQL database system, but the latest version also allows users to run the database as a RESTful service, enabling interaction with Metasploit consoles and external tools.
There is also a new JSON-RPC API that should make it easier to integrate the framework with new tools and languages. In addition, Metasploit’s own automation protocol is now complemented by a common web service framework for the database and automation APIs.
Another significant improvement in Metasploit 5.0 is related to evasion modules and libraries. Penetration testers can now generate their own evasion modules more easily using the C programming language.
The latest version also enables the execution of an exploit module against multiple targets at a time.
Other improvements include faster and more advanced search functionality for modules, a new metashell feature, and support for three new languages – Go, Python and Ruby – for external modules.
Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that Metasploit 5.0 is stable – Linux distributions such as Kali and ParrotSec are shipped with Metasploit.
“Metasploit 5.0 offers a new data service, introduces fresh evasion capabilities, supports multiple languages, and builds upon the Framework’s ever-growing repository of world-class offensive security content,” wrote Brent Cook, engineering manager for Metasploit at Rapid7. “We’re able to continue innovating and expanding in no small part thanks to the many open source users and developers who make it a priority to share their knowledge with the community. You have our gratitude.”
Related: NSA-Linked Hacking Tools Ported to Metasploit
Related: Rapid7 Adds Hardware Testing Capabilities to Metasploit
Related: Vulnerable Services Emulator Released for Metasploit
Related: New Encrypted Downloader Delivers Metasploit Backdoor

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
Latest News
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
