The Rapid7 Metasploit development team discusses (and demonstrates!) ongoing Metasploit work and features during their bimonthly sprint meeting, including the following NEW modules:

* Micro Focus Operations Bridge Manager Authenticated Remote Code Execution (ZDI-20-1327, CVE-2020-11853)
* Micro Focus Operations Bridge Manager Local Privilege Escalation (ZDI-20-1326, CVE-2020-11858)
* WordPress ChopSlider3 id SQLi Scanner (CVE-2020-11530)
* D-Link Central WiFiManager SQL injection (CVE-2019-13373)
* KLog Server authenticate.php user Unauthenticated Command Injection (CVE-2020-35729)

Included in this recording, the team demonstrates the new KLog and WP ChopSlider modules, as well as some improvements to the user experience. We also cover recent bug fixes and enhancements.

We also demo some new fixes added to AttackerKB (the Attacker Knowledge Base)! AttackerKB is a resource to highlight hacker community knowledge on which vulns matter most — and why! You can check out the site yourself at!​

See all the latest modules, PRs, Metasploit blogs, and contributors at​.