<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
  <title>appsec.fyi — Metasploit</title>
  <link>https://appsec.fyi/tools.html#metasploit</link>
  <description>Curated Metasploit resources from appsec.fyi</description>
  <language>en-us</language>
  <atom:link href="https://appsec.fyi/feeds/tool/metasploit.xml" rel="self" type="application/rss+xml"/>
  <lastBuildDate>Fri, 17 Jul 2026 16:04:32 +0000</lastBuildDate>
  <managingEditor>carl@chs.us (Carl Sampson)</managingEditor>
  <item>
    <title>KittySploit AI-Powered Next-Generation Penetration Testing Framework With 1150 Modules</title>
    <link>https://cybersecuritynews.com/kittysploit-penetration-testing-tool/</link>
    <guid isPermaLink="true">https://cybersecuritynews.com/kittysploit-penetration-testing-tool/</guid>
    <description>KittySploit – AI-Powered Next-Generation Penetration Testing Framework With 1150+ Modules https://ift.tt/ezpS7TN</description>
    <category domain="tool">Metasploit</category>
    <category domain="difficulty">intermediate</category>
    <pubDate>Mon, 13 Jul 2026 07:29:31 +0000</pubDate>
  </item>
  <item>
    <title>Metasploit Module: Tactical RMM Jinja2 SSTI RCE (CVE-2025-69516)</title>
    <link>https://github.com/rapid7/metasploit-framework/pull/21017</link>
    <guid isPermaLink="true">https://github.com/rapid7/metasploit-framework/pull/21017</guid>
    <description>Module for Metasploit Framework enabling remote code execution via a Server-Side Template Injection (SSTI) vulnerability in Tactical RMM&#x27;s Jinja2 templating, identified as CVE-2025-69516. This module facilitates exploitation of the vulnerability to gain control over affected systems.</description>
    <category domain="tool">Metasploit</category>
    <category domain="difficulty">news</category>
    <pubDate>Wed, 22 Apr 2026 12:53:23 +0000</pubDate>
  </item>
  <item>
    <title>Metasploit Wrap-Up 04/03/2026</title>
    <link>https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/</link>
    <guid isPermaLink="true">https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-04-03-2026/</guid>
    <description>Library updates for Metasploit Framework introduce new HTTP/HTTPS CMD payloads for Windows, enabling RCE against FreeScout (CVE-2026-27636, CVE-2026-28289) and Grav CMS (CVE-2025-50286). It also adds a generic HTTP command execution exploit, a Windows persistence technique via `UserInitMprLogonScript`, and various enhancements, bug fixes, and documentation updates.</description>
    <category domain="tool">Metasploit</category>
    <category domain="difficulty">news</category>
    <pubDate>Mon, 06 Apr 2026 02:02:54 +0000</pubDate>
  </item>
</channel>
</rss>