Metasploit Weekly Release Notes

Document created by tdoan (Employee) on Oct 27, 2014. Last modified by shuckins on May 26, 2017.
Version 150

Please go to to see the latest release notes.


As of February 22, 2017, this page will not be updated. Please go to the link above for the latest release notes.




This page lists all of the weekly releases for Metasploit and includes links to the corresponding release notes. For more information on each weekly release, view the release notes.


Metasploit 4.13.1


Weekly Release | Highlights | Offline Update Link
Metasploit 4.13.1-2017041901

Detection for Equation Group exploits

SMB2 support for login scanners with Metasploit Pro

Privilege escalation exploit for mainframes

Metasploit 4.13.1-2017040501

The DANGERZONE variable

SMS notifications for new sessions

Version 2 of the SMB login scanner

The GitHub Enterprise exploit

Metasploit 4.13.1-2017032301

The Struts2 Content-Type OGNL Injection module

The QNAP NAS/NVR module


Metasploit 4.13.1-2017030801

Trend Micro InterScan Messaging Security module

The Kodi 17.0 Local File Inclusion module

Improvements to offline updates




Metasploit 4.13.0


Weekly Release | Highlights | Offline Update Link
Metasploit 4.13.0-2017022101

OpenOffice document macro exploit

MSSQL Code Execution exploit

Allegro Rompager Auth Bypass module

Metasploit 4.13.0-2017020701

TrueOnline exploits

Metasploit Hardware Bridge API

Cisco WebEx exploit

Metasploit 4.13.0-2017012501

Ubuntu 16.04 LTS support

Mettle payloads support pivoting with TCP and UDP sockets

Metasploit 4.13.0-2017011101

Kiwi extension support

Automatic fallback targeting




Metasploit 4.12.0


Weekly Release | Highlights | Offline Update Link
Metasploit 4.12.0-2016121901

Improved SMTP reliability with encrypted connections

Stageless Linux Meterpreter payloads supporting 11 CPU architectures

Universal HTTP/S Meterpreter listener

Metasploit 4.12.0-2016120701

Running resource scripts from Metasploit Pro

DLL hijack exploit

Winpmem Meterpreter extension

Metasploit 4.12.0-2016111001

Bassmaster Batch exploit

Overlayfs Privilege Escalation exploit

Support for Unicode domain names

Metasploit 4.12.0-2016102501

OpenNMS Java Deserialization exploit

Ruby on Rails Dynamic Render File Upload exploit

Powershell Payload Execution exploit

AWS EC2 enumeration

Metasploit 4.12.0-2016092601



Exploits for the commercial versions of Metasploit

Metasploit 4.12.0-2016091401 | | Link
Metasploit 4.12.0-2016083001 | | Link
Metasploit 4.12.0-2016081201

Added a method for querying the Powershell version

The Samsung Security Manager exploit

The VMWare Host Guest Client Redirector DLL Hijack exploit

Metasploit 4.12.0-2016081001 | Fixes for updating Metasploit and activating a license key when a proxy is configured | Link
Metasploit 4.12.0-2016072501 | Fixes for modifying target lists, attaching files to social engineering campaigns, and using report tasks in task chains | Link
Metasploit 4.12.0-2016071801

Mettle payloads

Fixes for target lists and improvements to target tracking

Metasploit 4.12.0-2016070501 | | Link
Metasploit 4.12.0-2016062701

The Windows Gather Microsoft Office Trusted Locations module

ClamAV remote code execution

The Swagger CodeGen Parameter Injector

Metasploit 4.12.0-2016062101

General availability of Metasploit 4.12

Upgraded to Ruby on Rails 4.2

Metasploit 4.12.0-2016061501

Upgraded to Ruby on Rails 4.2



Metasploit 4.11.7


Weekly Release | Highlights | Offline Update Link
Metasploit 4.11.7-2016052401

Added the ability to set the cipher used by web servers to serve SSL

Added the ability to generate JAR files with msfvenom

Metasploit 4.11.7-2016050601

Added a module for Apache Struts

Added a module for ImageMagick

Added the ability to create reverse port forwards with Meterpreter

Added the ability to perform DNS lookups with Meterpreter

Metasploit 4.11.7-2016042201

Added a module for Advantech Web Access Dashboard

Added the ability to chain events in Pro Console

Deprecated DNS scanner modules

Removed warning messages during Yard doc generation

Metasploit 4.11.7-2016041901

Added a module for escalating privileges on Exim versions before 4.86.2

Fixed OpenVas and Burp files import issues

Added JCL payloads for z/OS

Added the ability to import sites that contain up to 2,000 assets

Metasploit 4.11.7-2016040801

Fixed John the Ripper

Fixed web page previews in the Social Engineering report

Fixed human targets being tracked as "anonymous"

Metasploit 4.11.7-2016040101 | Fixed the API change that caused the Vulnerability Validation Wizard to fail when importing data. | Link
Metasploit 4.11.7-2016032901

Added the ability to restore backups from the UI

Added the new Powershell extension for Windows Meterpreter

Changed base module class names from Metasploit3/Metasploit4 to MetasploitModule

Fixed email count tracking for campaigns

Fixed the pro_project command in pro console so that it runs without stack tracing

Moved metasploit/apps/pro/nginx to metasploit/nginx

Metasploit 4.11.7-2016031601 | Added an option to not add a tracking image to a phishing e-mail | Link


Metasploit 4.11.6


Weekly Release | Highlights | Offline Update Link
Metasploit 4.11.6-2016030401

Fixed campaigns that show a target is already tracked when they are a new target

Fixed issue that caused errors when importing Nexpose data that contains vulnerability data

Metasploit 4.11.6-2016022501

Added backup and restore for Metasploit commercial editions

Added Burp Issues XML import support

Metasploit 4.11.6-2016020901 | Fixed issue with Acunetix import | Link
Metasploit 4.11.6-2016020201 | Added Project Sonar integration | Link


Metasploit 4.11.5


Weekly Release | Highlights | Offline Update Link
Metasploit 4.11.5 (Update 2016010401) | Fixed error message that appears when importing a target list that contains duplicate e-mail addresses | Link
Metasploit 4.11.5 (Update 2015121501) | Updated nokogiri to 1.6.7 and rspec to version 3 | Link
Metasploit 4.11.5 (Update 2015120901) | Added the ability to mask e-mail addresses from the social engineering report | Link
Metasploit 4.11.5 (Update 2015113001)

Major improvements to social engineering campaigns that increase the mail send rate.

A substantial number of JMI/RMX ports are now supported by the RMI scanner.

The task log now displays time estimations for bruteforce tasks.

Metasploit 4.11.5 (Update 2015111801)
Metasploit 4.11.5 (Update 2015110801)

Stageless Python Meterpreter support has been added.


PSEXEC now uses PowerShell by default if the target supports it.

Metasploit 4.11.5 (Update 2015110401) | Hotfix to address issues with the 'Status' and 'Description' columns not displaying properly on the vulnerability details page.
Metasploit 4.11.5 (Update 2015103001)

The ability to push validations and exceptions from the Vulnerability Validation Wizard has been restored.


The bruteforce task log now includes an ETA for generating a mutated credential for a specific login.


Metasploit 4.11.4



Metasploit 4.11.3



Metasploit 4.11.2

Weekly Release | Highlights
Metasploit 4.11.2 (Update 2015052901) | Hot fix for pushing validations and exceptions from the Vulnerability Validation Wizard
Metasploit 4.11.2 (Update 2015051401)


Metasploit 4.11.1


Metasploit 4.11.0

Weekly Release | Highlights
Metasploit 4.11.0 (Update 2015013101) | Bug fix for the Vulnerability Validation Wizard
Metasploit 4.11.0 (Update 2015012901)
Metasploit 4.11.0 (Update 2015011401)
Metasploit 4.11.0 (Update 2014122301)
Metasploit 4.11.0 (Update 2014121601) | Credentials Domino MetaModule and new Bruteforce workflow


Metasploit 4.10.2


Metasploit 4.10.1


Metasploit 4.10.0

