Metasploit Pro 4.5.0 Released

created by Tod Beardsley on Dec 6, 2012 2:18 PM, last modified by shuckins on Dec 7, 2012 7:18 AM


Metasploit Pro 4.5.0 delivers completely new capabilities for running full-featured social engineering campaigns as well as significant improvements to the web application scanner.  Metasploit Pro users can run sophisticated social engineering campaigns leveraging techniques like phishing and USB drops, watch results in real-time, and present reports containing clear risk analysis and remediation advice for the human attack surface.
Metasploit 4.5.0 includes 95 new exploits, 72 new auxiliary modules, and 13 new post modules over the 4.4.0 release, for a grand total of 180 new modules, all of which are detailed below. In addition, 56 reported bugs were resolved between 4.4.0 and 4.5.0.

Modules that are new since the 2012112801 update (the last update in the 4.4.0 line) includes modules targeting the Tectia SSH server, Metasploit, Nessus, Eaton NSM, Nexpose, Microsoft Windows, SIP, Adobe Indesign, Apple Quicktime, BlazeVideo, and Ektron. They are listed immediately below.

The update for 4.4.0 to 4.5.0 will be published shortly after the release of the 4.5.0 installer, and these release notes will be updated to reflect that update's availability.

Module Changes from 2012112801

Exploit modules

Auxiliary modules

Post modules

Module Changes from 4.4 to 4.5 (includes the above)

Exploit modules 

Auxiliary modules 

Post modules 

Resolved Issues

Metasploit 4.5.0 resolved 56 reported bugs since 4.4.0.

7550    Fixed typo in psexec_command module rescue block
7472    Drupal Views User Enum Module now reports to the console as well
7465    Fixed unspecified errors in FISMA and PCI reports
7463    Improvements for invision_pboard_unserialize_exec.rb
7452    Fixed NoMethodError for enum_dirperms.rb
7378    Added missing require for auxilium_upload_exec.rb
7376    Module search now correctly sorts by platform.
7350    reverse_tcp / bind_tcp no longer fails over routed reverse_https
7345    Fixed NameError for Msf::Exploit::PhpEXE: (race condition on load)
7344    Fixed CPU Starvation seen in MeterpreterDispatcher thread
7324    Improved performance of arp_scanner, ping_sweep
7300    Created a mixin for PHP EXE type exploits
7297    Fixed msfupdate errors
7292    Fixed constant conflicts with new module loading
7291    Fixed 1.8.7 incompatibility with the new module loading code
7287    adobe_flash_otf_font no longer truncates URIPATH w/o warning
7282    Fixed syntax error in file.rb -- missing close paren
7261    Fixed missing constant Msf::Handler::BindTcp (NameError) on startup
7242    Fixed automatic targeting of ie_execcommand_uaf
7226    Fixed errors reported when reporting when RHOST is a DNS name
7218    Resolved occasional stack trace on adobe_pdf_embedded_exe
7217    stdapi_ui_disable_mouse no longer requires a mouse
7216    Resolved linux/x86/shell_bind_tcp segmentation fault
7215    GlassFish efficacy on version 3.0.1
7206    Added CVE for java_jre17_exec.rb
7201    Debugged reverse_https.rb
7191    Resolved adobe_flash_otf_font expectations
7182    Prefer "OS X" over "OSX" when describing the operating system from Apple
7176    checkpoint_hostname aux no longer fails
7165    Resolved http_form_field 'Host' header double read
7163    Resolved namespace errors
7162    current_user_psexec now loads correctly
7151    Resolved missing constant error on credentials/gpp.rb
7143    "run" tab completion from Meterpreter prompt no longer stack traces
7141    Fixed HTTPS meterpreter Rex handler
7140    smtp_deliver.rb no longer abusing is_empty?
7109    java/meterpreter/bind_tcp can now bind to other ports
7042    Meterpreter is unable to cat an empty file, it's asked to exit instead
7038    Adds ssh_creds post exploitation
7036    Resolves missing paren after revision 15556
7005    Enables post modules on linux sessions
6905    Resolves ssh_login NoMethodError
6815    Fixes a missing handle with post/windows/gather/hashdump
6544    Fixed regression in msfconsole's save
6538    Posix meterpreter is now smarter about IPv6 netmasks
6535    Regex fixes on msfvenom
6518    Added Base32 Encoding into /lib/rex/text.rb
6481    Meterpreter File.open closes the channel at the end of a block
6369    Fixed sniffer_dump typo in Posix Meterpreter
6150    Tab completion touch ups in lab_load_config
5800    Added RopDB
5427    Sniffer extension no longer completely broken
4976    Offered a workaround for Oracle support on backtrack
4727    Fixed sniffer module with the new VC10 builds
4041    Properly implement return oriented payloads by adding RobDB
507    Fixed dns_enum undefined address method (2) problems by patching up the DNS mixin

Additional Fixes in Metasploit Commercial Editions
  • Fixed an issue that could occur when trying to use resetpw or createuser helper scripts
  • Project order in quick nav now matches order on overview page
  • Fixed an issue where automatic exploitation could erroneously use OS filtering results in exploit plans
Source -


Start Penetration Testing

Download Metasploit Version 4.5

Select your preferred Metasploit installation