Metasploit 4.11.6 (Update 2016022501)

Document created by tdoan Employee on Feb 16, 2016Last modified by tdoan Employee on Oct 7, 2016
Version 2Show Document
  • View in full screen mode

New Feature: Back Up and Restore


One of the top requested features from our customers has been the ability to back up and restore Metasploit. We listened, and this week's release includes, you guessed it, the ability to back up and restore Metasploit. This new capability enables you to easily migrate data between different servers and to protect yourself against data loss.


A backup takes a snapshot of the current state of your Metasploit server and compresses the data into a ZIP file. Everything that is in your database, including your user accounts, reports, host data, logs, social engineering data, and loot, will be included in the backup. The ZIP file is saved to the apps/pro/backups location of your Metasploit directory so that you can easily share data between Metasploit servers.


To back up Metasploit, go to Administration > Global Settings > Backups.



When you create a new backup, you'll just need to provide a name and description that will help you easily identify the contents of the backup file.


A restore reverts your Metasploit server back to the state captured in the backup file. To perform a restore, you'll need to run the restore script, which is a really easy process! For more information on how to restore, read our docs!


New Modules


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

  • PR #6480: Added network traffic obfuscation to all Meterpreters
  • PR #6501: Added Dlink DCS Authenticated Remote Code Excution Module
  • PR #6511: Updated Jsobfu to support preserved_identifiers
  • PR #6516: Added Android Meterpreter activity launching support
  • PR #6527: Added support for importing vulnerability info from Burp suite
  • PR #6529: Added tool for exploring the Pull Requests behind modules
  • PR #6540: Fixed a typo in the msu_finder.rb tool
  • PR #6541: Fixed a typo in the cisco_ssl_vpn auth module
  • PR #6544: Fixed a typo in the http_traversal module
  • PR #6547: Added a IBM Tivoli Storage Manager Fastback Denial of Service module
  • PR #6549: Added option for the CLI port with the jenkins_java_deserialize module
  • PR #6552: Fixed color codes for startup banners
  • PR #6555: Removed superflous Content-Length headers in HP OpenView modules
  • PR #6565: Added top 100 Adobe passwords
  • PR #6568: Fixed running msfvenom with Metasploit Pro packages
  • PR #6385: Added support for injecting payloads into Android App files (.apk)
  • PR #6502: Added -x flag for showing extended session info
  • PR #6526: Integrated the {peer} string into network logging by default
  • PR #6557: Fixed a bug in priv_migrate user migration
  • PR #6563: Updated the VNC creds scraper uninstall location
  • PR #6572: Updated the play_youtube module with Android support
  • PR #6584 Added CIDR notation support to the route command
  • PR #6591: Updated the wrt110 cmd exec module to not require a username
  • Pro: MS-641: A project that contains web scan data can be successfully exported and imported.
  • Pro: MS-802: A helpful error message appears when invalid search filter is entered on the Sonar Import page.
  • Pro: MS-1089: The resetpw script now resets your password as expected.
  • Pro: MS-1052: Burpsuite Issues XML files can be imported into Metasploit and converted to vulnerabilities.
  • Pro: MS-1042: The rest-client gem was updated to 1.8.0.
  • Pro: MS-1080: Large target lists that contain around 50,000 entries can be successfully imported into Metasploit.


Offline Update File


To download the offline file for this update, go to bin.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information


PRO 4.11.6 updates to 4.11.6-2016022501