We have updated Metasploit Pro's bruteforce capabilities to now support LDAP scanning. Metasploit Pro's network scanning capabilities have been improved. This release also includes 7 new modules, such as pgAdmin CVE-2024-3116, Ivanti Virtual Traffic Manager (vTM) CVE-2024-7593, and more. Users that are connecting to a Windows environment to perform their Metasploit Pro updates or installs (either via RDP, SSH, or similar) might have their connections to the server temporarily disconnect during this update - this is required to support the latest network scanning capabilities in Metasploit Pro.
The Jenkins bruteforce capabilities now correctly identify when Jenkins requires authentication. This release also includes 3 new modules, including two SQL injection modules for DIAEnergie and Fortra FileCatalyst, as well as a SPIP Unauthenticated RCE Exploit.
We have improved the stability of Metasploit Pro for Windows environments when starting. The Bruteforce capabilities have performance enhancements to support larger credentials lists. This release includes 8 new modules, such as Apache HugeGraph Server CVE-2024-27348, FortiClient EMS FCTID CVE-2023-48788, and more.
We have updated the version of Metasploit Framework to include new modules and enhancements.
We have updated the version of Metasploit Framework to 6.4 which enables new PostgreSQL, MSSQL, MySQL and SMB session types as well as providing Kerberos and Meterpreter payload improvements.
We resolved issues impacting bruteforce capabilities, vhost discovery, and quick penetration testing functionality for non-admin users.
We have made multiple improvements to Metasploit's scanning capabilities and the PCI Compliance Report.