Metasploit 4.10.0 (Update 2014102201)

Document created by tdoan Employee on Oct 22, 2014
Version 1Show Document
  • View in full screen mode


This weekly update contains six new exploit modules and three new auxiliary and post-exploitation modules.


Exploit Modules

Auxiliary and Post-Exploitation Modules

Notable Fixes and Changes

  • #4002: mscli exposes Actions on the command line
  • #4026: Msf::DBManager reorganized
  • #4031: Syntax error in PureFTP-d shellshock exploit fixed
  • #4034: Added a POODLE scanner module: auxiliary/scanner/http/ssl_version
  • #4037: Added "Drupageddon" module for Drupal 7.x pre-7.32
  • #4041: Added an animated cursor to msfconsole to signal things aren't hung
  • #4042: Fixed overhauled Msf::DBManager NameErorrs
  • #4044: Added a Sandworm (CVE-2014-4114) exploit
  • Pro: The Configure a Nexpose Console modal, which is accessed from the Vulnerability Validation Wizard, and the New Custom Resource modal, which is accessed from the Custom Reports area, will now close properly after you save or exit them.
  • Pro: In response to the POODLE vulnerability (CVE-2014-3566), the ability to set the SSL version for social engineering campaigns has been removed. All campaigns served over SSL will default to TLSv1.


How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information

PRO 4.10.0 updates to 4.10.0-2014102201

MSF3 4.10.0 updates to 4.10.0-2014102201