The open-source Metasploit Framework 5.0[1] has long been used by hackers and security professionals alike to break into systems. Now, this popular system penetration testing platform, which enables you to find, exploit, and validate security holes, has been given a long-delayed refresh.
EXTRA! Here is a link to the 2019 Metasploit Cheat Sheet!
Rapid7[2], Metasploit's parent company, announced this first major release since 2011. It brings many new features and a fresh release cadence to the program. While the Framework has remained the same for years, the program was kept up to date and useful with weekly module updates.
Also: 7 tips for SMBs to improve data security TechRepublic[3]
These modules contain the latest exploit code for applications, operating systems, and platforms. With these, you can both test your own network and hardware's security… or attack others. Hackers and security pros alike can also leverage Metasploit Framework's power to create additional custom security tools or write their own exploit code for new security holes.
With this release, Metasploit has new database and automation application programming interfaces (APIs), evasion modules, and libraries. It also includes expanded language support, improved performance, and ease of use. This, Rapid 7 claims, lays "the groundwork for better teamwork capabilities, tool integration, and exploitation at scale." That said, if you want an easy-to-use web interface, you need to look to the commercial Metasploit Pro[4].
Specifically, while Metasploit still uses a Postgresql[5] database backend, you can now run the database as a RESTful service. That enables you to run multiple Metasploit consoles and penetration tools simultaneously.
Metasploit has also opened its APIs to more users. In the past, Metasploit had its own unique APIs and network protocol and it still does. But to make it more accessible, it