Download the version of Metasploit that’s right for you.
- Downloads
- Other Products
- Other Projects
- Contact
Metasploit Framework
Metasploit Pro
Other Products
InsightVM
Rapid7’s solution for advanced vulnerability management analytics and reporting.
Free Trial
InsightIDR
Rapid7’s incident detection and response solution unifying SIEM, EDR, and UBA capabilities.
Free Trial
InsightAppSec
Rapid7’s cloud-powered application security testing solution that combines easy to use crawling and attack capabilities.
Free Trial
Other Projects
Metasploitable
Virtual machines full of intentional security vulnerabilities. Exploit at will! Metasploitable is essentially a penetration testing lab in a box created by the Rapid7 Metasploit team.
Download Now
metasploit-payloads, mettle
These are Metasploit’s payload repositories, where the well-known Meterpreter payload resides. Meterpreter has many different implementations, targeting Windows, PHP, Python, Java, and Android. The new ‘Mettle’ payload also natively targets a dozen different CPU architectures, and a number of different operating systems.
Mettle project
Metasploit-payloads project
vm-automation
Simplify interactions with virtual machines. Specifically, this was built to support automated testing by simplifying interaction with VMs. Currently, it supports VMWare Workstation through the vmrun.exe command-line application and ESXi through encapsulation of pyvmomi functions.
Download Now
Hackazon
This intentionally vulnerable web app with e-commerce functionality lets you simulate attacks against technologies used in modern applications.
Download Now
RubySMB
A native Ruby implementation of the SMB Protocol Family; this library currently includes both a Client level and Packet level support. A user can parse and manipulate raw SMB packets, or simply use the simple client to perform SMB operations.
Download Now
Metasploit Framework Installers
These include Metasploit Framework only. Updates are built about once a day. See Nightly-Installers for installation instructions for Windows, OS X and Linux.
Metasploit Pro Installers
These include the Pro UI as well as Framework. Updates are released about once every other week for Windows and Linux.
The pgp signatures below can be verified with the following public key
Metasploit Framework Source
Please see the Metasploit framework releases page for the release versions of Metasploit Framework.
Metasploit Framework Installers
These include Metasploit Framework only. Updates are built about once a day.
See Nightly-Installers for installation instructions for Windows, OS X and Linux.
Metasploit Pro Installers
These include the Pro UI as well as Framework.
Updates are released about once every other week for Windows and Linux.
The pgp signatures below can be verified with the following public key
| Download Link | File Type | SHA1 | PGP |
|---|---|---|---|
| metasploit-4.21.0-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.21.0-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
| metasploit-4.20.0-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.20.0-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
| metasploit-4.19.1-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.19.1-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
| metasploit-4.19.0-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.19.0-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
| metasploit-4.18.0-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.18.0-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
| metasploit-4.17.1-windows-x64-installer.exe | Windows 64-bit | SHA1 | PGP |
| metasploit-4.17.1-linux-x64-installer.run | Linux 64-bit | SHA1 | PGP |
Metasploit Framework Source
Please see the Metasploit framework releases page for the release versions of Metasploit Framework.
Metasploit is a widely used platform for pentesting (penetration testing) + vulnerability search. In other words today we are talking about a powerful framework with an elaborate architecture and good functionality.
The tool is interesting for many reasons, but we are interested in the practical side of its use. It can be useful for system administrators, cyber-security specialists and novice hackers (but we won’t mention it here).
The frameworks include Metasploit and their commercial versions: Metasploit Pro, Express, Community, Nexpose Ultimate. We are interested in the first one because it is quite widespread and of course convenient for creating ∕-testing ∕-debugging exploits.
Metasploit Framework
The framework has a smart and intuitive interface, open source code, a large number of services and modules that are constantly being added and improved, as well as a number of features:
- fast plugin development + qualitatively optimized multiplatform;
- wide support for multiple network options and protocols;
- work with extensible utilities and libraries;
- full development and product support by the developer community.
In essence, we have here an excellent basic toolkit, the complete environment for writing and using the exploits code, as well as creating custom security tools.
The core of the tool is Rex library (for working with protocols). It has MSF Core integrated with it and then MSF Base, which is used to provide the API for the user interface (graphical ∕ console), as well as modules which are divided into categories:
- Exploit — the code of the particular vulnerability;
- Payload;
- Post;
- Encoder — obfuscation tools;
- NOP — generators of NOP.
Install Metasploit
It does not take long to install because it is pretty standard and easy to understand.
For your reference: it works on Windows, on all Linux distributions.
To install on Linux:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
To install on Windows link is at the end of the article.
The platform itself consists of 4 working environments:
- msfconsole — the console interface, the main working environment in which various commands are used (here are examples of basic and some network commands);
- msfcli — console with the ability to create resource scripts;
- msfgui — not so popular, so skip it;
- msfweb.
We won’t go into details on how to work with the tools and tests — this is a topic for a separate tutorial article (you can find similar materials freely available on many forums, read them if you want).
Download Metasploit for free from the official site — just click the direct link below.
Download Metasploit Framework 6 for Windows 7, 8, 10, 11 — Application designed to provide you with a full-featured development platform dedicated to exploiting testing
Metasploit Framework is designed to provide you with a full-featured development platform dedicated to exploiting testing. Simply put, it provides developers everywhere with a free, but powerful way to test computer system, networks or web apps to detect potential vulnerabilities that could be exploited.
The framework features publicly available exploits and comes in handy to network security administrators that need to perform penetration tests and check patch installations. It has the capability to identify false positive threats and exploitable vulnerabilities, perform automatic vulnerability analysis, prioritize tasks, as well as perform real-time pen-testing.
Features of Metasploit Framework:
Automate Every Step of Your Penetration Test
- Conducting a thorough penetration test is time consuming for even the most experienced pentester. Metasploit makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting. Every hour you save is an hour you can spend digging deeper into your network.
Put Your People to the Test
- Real attackers know people are generally the weakest link in the security chain. Our penetration testing software creates sophisticated attacks to test user weaknesses, including cloning websites with the click of a button for phishing campaigns and masking malicious files for USB drop campaigns. Keep track of who falls for what to assess your user awareness—or to gain a foothold for a deeper attack.
Test with Success, Regardless of Experience
- Every organization is open to cyberattack, so every defender needs to be able to test their defenses. Metasploit Pro makes the powerful Metasploit Framework accessible to all with an easy-to-use interface, as well as wizards to get you launching and reporting on full pen tests in seconds.
Gather and Reuse Credentials
- Credentials are the keys to any network, and the biggest prize for a penetration tester. With our penetration testing software, you can catalog and track gathered creds for reporting and try them across every other system in the network with a simple credential domino wizard, ensuring you leave no stone unturned.
Become a Next-Level Pen Tester
- If you’ve already spent years becoming a Metasploit Framework expert, Metasploit Pro has a lot to offer: Maneuver through a network with ease with VPN pivoting and antivirus evasion capabilities, create instant reports on your progress and evidence, or, best of all, go down into the command line framework at any time and seamlessly use your custom scripts.
System requirements:
- 2 GHz+ processor
- 4 GB RAM available (8 GB recommended)
- 1 GB available disk space (50 GB recommended)
- Google Chrome (latest)
- Mozilla Firefox (latest)
- Microsoft Internet Explorer 11