Metasploit 4.9.2 (Update 2014040906)

Document created by Brandon Turner Employee on Apr 10, 2014Last modified by Brandon Turner Employee on Apr 11, 2014
Version 2Show Document
  • View in full screen mode


This updates Metasploit to 4.9.2.


This addresses CVE-2014-0160 (the OpenSSL Heartbleed bug).  All components previously vulnerable have been upgraded or recompiled against OpenSSL 1.0.1g, including:

  • Nginx
  • Nmap
  • OpenSSL
  • PostgreSQL
  • Ruby


After applying this update, we strongly recommend re-generating your SSL keys and certificates.  Please see security advisory for the heartbleed vulnerability for instructions and more information.


This update also includes 7 new exploit modules and 10 auxiliary/post modules since Metasploit 4.9.0.


Exploit modules


Auxiliary and post modules


Notable Changes and Resolved Issues

  • 8780 - Msf::Auxiliary::Nmap - ActiveRecord::ConnectionNotEstablished Error
  • PostgreSQL upgraded to 9.3.4
  • Nginx upgraded to 1.4.7
  • OpenSSL upgraded to 1.0.1g



How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information

PRO 4.9.2-2014040906

MSF3 4.9.2-2014040906