This week's release includes 0 exploit modules and 5 auxiliary and post-exploitation modules.
Auxiliary and Post-Exploitation Modules
- F5 BigIP Access Policy Manager Session Exhaustion Denial of Service by Denis Kolegov, Nikita Oleksov, and Oleg Broslavsky
- F5 BigIP HTTP Virtual Server Scanner by Denis Kolegov, Nikita Oleksov, and Oleg Broslavsky
- F5 Networks Devices Management Interface Scanner by Denis Kolegov, Nikita Oleksov, and Oleg Broslavsky
- InfluxDB Enum Utility by Roberto Soares Espreto
- HTTP HTML Title Tag Content Grabber by Stuart Morgan
Notable Fixes and Changes
- Pro: The Pro console no longer returns a stack track when a pro command, such as pro_discover, is launched.
- Pro: Task chains now run bruteforce tasks in the order they are specified.
- Pro: Pushing validations after a Vulnerability Validation Wizard run no longer returns a stack trace.
- Pro: Pushing exceptions after a Vulnerability Validation Wizard run no longer returns a stack trace.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.1 updates to 4.11.2-2015052901
MSF3 4.11.1 updates to 4.11.2-201502901